Wazuh Integration - Retry on Failure

94 views

Skip to first unread message

Jiří Chalota

unread,

Mar 13, 2024, 9:31:03 AM3/13/24

to Wazuh | Mailing List

Hello everyone, I'm testing integrations on DFIR-IRIS, Jira, Opsgenie, and similar. The integrations work without a problem, but I have a question. What if, for example, the internet isn't working? How can I ensure that the command retries until it succeeds? For instance, to try every minute to get the alert into JIRA? Is that possible?

many thx

Jiri

tomas....@wazuh.com

unread,

Mar 14, 2024, 9:46:21 AM3/14/24

to Wazuh | Mailing List

Hi Jiří,

Currently, the only integration that allows retries is VirusTotal. By default, it retries at most 3 times when the API call times out.

However, we offer the possibility to configure the number of retries (an timeout if necessary) to any custom integration. These are the settings you need to add:

<integration>

<name>custom-integration</name>

...

<timeout>30</timeout>

<retries>5</retries>

</integration>

You can read these parameters and use them accordingly. Check the VirusTotal integration as an example: https://github.com/wazuh/wazuh/blob/master/integrations/virustotal.py

This is the only option we offer as the integratord daemon doesn't retry the call in case of failure.

I hope this information helps you.

Best regards.

Tomás Turina

Reply all

Reply to author

Forward

0 new messages