Wazuh Channel -> Mattermost

158 views
Skip to first unread message

Xavier Mertens

unread,
Aug 14, 2025, 7:51:22 AM8/14/25
to Wazuh | Mailing List
Hello Wazuh'ers!

I'd like to create a channel to send notifications to a Mattermost server.
I tried to use a custom webhook but it seems that the HTTP POST request is not properly formatted for Mattermost. Anyone successfully implemented this?
Tx!

Md. Nazmur Sakib

unread,
Aug 14, 2025, 8:52:08 AM8/14/25
to Wazuh | Mailing List

Hi Xavier,



You can use the script for Slack to send the notification to Mattermost.
The only thing to do is to create a proper Mattermost incoming webhook and set the webhook in manager's ossec.conf like if we were using Slack

 <integration>

    <name>slack</name>

    <hook_url>https://xxxxxxxxx.cloud.mattermost.com/hooks/xxxxxxxxxxxxxxxxxxxxxxxxxxx</hook_url>

    <level>3</level>

    <alert_format>json</alert_format>

  </integration>



After restarting the manager, new alerts will appear in the Mattermost channel.

sudo systemctl restart wazuh-manager

image

Ref: https://documentation.wazuh.com/current/user-manual/manager/integration-with-external-apis.html


Let me know if this works for you.

Xavier Mertens

unread,
Aug 18, 2025, 8:33:42 AM8/18/25
to Wazuh | Mailing List
Tx! It worked, strange feeling to use "Slack" for Mattermost :-)
Reply all
Reply to author
Forward
0 new messages