Wazuh Integration With Gsuite


John Carry

Jan 11, 2023, 2:47:43 AM
to Wazuh mailing list
Hello Team,
Is there a way we can integrate GSUITE, specifically a paid Gmail service, with Wazuh? Basically, our company is using the paid email services of Google, i.e. Gmail, and wants to monitor the email-related traffic on our SIEM.

Detailed response would be appreciated.


Regards,
John

Juan Cabrera

Jan 11, 2023, 4:21:37 AM
to Wazuh mailing list

Hello John Carry,

Currently we do not have a direct integration with Gsuite or rules and decoders for these logs. We have an issue in our roadmap to incorporate it: https://github.com/wazuh/wazuh/issues/10776
In this issue you can track the progress of this new feature.

While this new capability is not implemented, you could route the audit logs for Google Workspace to Google Cloud following the following guide: https://cloud.google.com/logging/docs/audit/configure-gsuite-audit-logs?hl=en
and then use Wazuh to monitor GCP services: https://documentation.wazuh.com/current/gcp/index.html
Once you have everything configured, you would have to create your own rules and decoders. You have a guide on how to do it in our documentation: https://documentation.wazuh.com/current/user-manual/ruleset/custom.html
As you can see, this process is time consuming, so it has been decided to add Google Suite integration to Wazuh out of the box.

Regards,
Juan Cabrera
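
Added example, not part of the reply above and not taken from the Wazuh ruleset: a sketch of the custom rules the last step refers to, for Google Workspace login-audit entries arriving through the GCP module. Assumptions to verify against a real event in your own archives: the stock parent rule 65000 for GCP events, fields exposed under `gcp.protoPayload.*`, the `login.googleapis.com` service name and the `loginFailure` method suffix. The rule IDs are arbitrary picks from the custom range.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml
     Added example. Field names, values and the parent rule ID are assumptions;
     confirm them against an event your manager actually received. -->
<group name="gcp,google_workspace,">

  <!-- Base rule: any Workspace login-audit entry delivered by the GCP module.
       Events arrive as JSON, so this builds on the JSON-decoded GCP parent rule. -->
  <rule id="100700" level="3">
    <if_sid>65000</if_sid>
    <field name="gcp.protoPayload.serviceName">^login.googleapis.com$</field>
    <description>Google Workspace login audit: $(gcp.protoPayload.methodName)</description>
  </rule>

  <!-- A single failed sign-in. -->
  <rule id="100701" level="5">
    <if_sid>100700</if_sid>
    <field name="gcp.protoPayload.methodName">loginFailure$</field>
    <description>Google Workspace: failed login for $(gcp.protoPayload.authenticationInfo.principalEmail)</description>
    <group>authentication_failed,</group>
  </rule>

  <!-- Repeated failures for the same account within two minutes. -->
  <rule id="100702" level="10" frequency="5" timeframe="120">
    <if_matched_sid>100701</if_matched_sid>
    <same_field>gcp.protoPayload.authenticationInfo.principalEmail</same_field>
    <description>Google Workspace: multiple failed logins for the same account</description>
    <group>authentication_failures,</group>
  </rule>

</group>
```

Replay a captured event through `/var/ossec/bin/wazuh-logtest` to confirm the field paths before restarting the manager.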
