Wazuh manager 4.3 Obtains the API for Security Alerts through the RESTful API


Mind A

Mar 25, 2023, 2:43:23 PM
to Wazuh mailing list
If I have only installed Wazuh Manager 4.3, is it possible to retrieve information from Security Alerts via RESTful API? If yes, please let me know the API. I have already gone through the latest documentation, but couldn't find any relevant information.

Nicolas Osvaldo Fernandez

Mar 26, 2023, 9:41:24 AM
to Wazuh mailing list
Hello, nice to greet you.

To get the vulnerabilities of an agent, you can review the following documentation.

Let me know if my help helped you.

Greetings

Nicolas

Mind A

Mar 26, 2023, 10:20:38 AM
to Wazuh mailing list
Thank you for your response, although it did not provide the information I was looking for. If I were to install only the latest version of Wazuh-manager without any additional components, and I wanted to retrieve Security events information through an API (specifically, only from the computer where Wazuh-manager is installed), is there an API available for this purpose? If so, could you please provide me with the necessary details? I apologize for any inconvenience.

Nicolas Osvaldo Fernandez

Mar 26, 2023, 5:16:20 PM
to Wazuh mailing list
Hello, each manager includes an agent by default. In order to obtain the security events from it, you can try the following:

curl -k -X GET "https://localhost:55000/vulnerability/000" -H "Authorization: Bearer $TOKEN"

Where 000 is the default agent installed in the manager.

Let me know if it worked for you.

Greetings

Nicolas

Mind A

Mar 26, 2023, 10:06:59 PM
to Wazuh mailing list
Thank you for patiently answering some of my silly questions. However, isn't vulnerability/000 for getting vulnerability information? I want to retrieve information from /var/ossec/logs/alerts/alerts.json through API. Thank you very much in advance.

Nicolas Osvaldo Fernandez

Mar 27, 2023, 7:20:19 AM
to Wazuh mailing list
Hi, sorry for the misunderstanding. Let me check the documentation and do some checking, and I'll get back to you. Thank you.

Nicolas Osvaldo Fernandez

Mar 27, 2023, 8:21:56 AM
to Wazuh mailing list
Hello, sorry for the delay.

The Wazuh API does not have an endpoint to obtain the alerts from the server, since they are indexed in OpenSearch. However, you could use the OpenSearch API to get the alerts. I leave you an example:

curl -k -u admin:admin_password "https://wazuh-indexer/wazuh-alerts*/_search"

You can see the official OpenSearch documentation for more information.

Let me know if I could help you.

Greetings

Nicolas
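
The following is an added example, not part of the original thread and not Wazuh's own code: it builds a filtered `_search` body for the `wazuh-alerts*` index pattern mentioned above, sends it with TLS verification against a CA file rather than `-k`, and flattens the response. The base URL, CA path and credentials are caller-supplied assumptions, the field names (`rule.level`, `timestamp`, `agent.id`) assume the standard Wazuh alert schema, and the sample response is constructed.

```python
import base64, json, ssl, urllib.request

def build_alert_query(min_level, since="now-24h", agent_id=None, size=50):
    """_search body: alerts with rule.level >= min_level since `since`, newest first."""
    filters = [{"range": {"rule.level": {"gte": min_level}}},
               {"range": {"timestamp": {"gte": since}}}]
    if agent_id is not None:
        filters.append({"term": {"agent.id": agent_id}})  # "000" is the manager itself
    return {"size": size,
            "sort": [{"timestamp": {"order": "desc"}}],
            "_source": ["timestamp", "agent.id", "rule.id", "rule.level", "rule.description"],
            "query": {"bool": {"filter": filters}}}

def summarize_hits(response):
    """Flatten a _search response into (timestamp, agent id, level, description) rows."""
    rows = []
    for hit in response.get("hits", {}).get("hits", []):
        src = hit.get("_source", {})
        rule, agent = src.get("rule", {}), src.get("agent", {})
        rows.append((src.get("timestamp"), agent.get("id"),
                     rule.get("level"), rule.get("description")))
    return rows

def search_alerts(base_url, user, password, body, ca_file):
    """POST the query, verifying the indexer certificate against ca_file (no curl -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{base_url}/wazuh-alerts*/_search", data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"},
        method="POST")
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

# Constructed sample response (not real data), trimmed to the fields used above.
SAMPLE_RESPONSE = {"hits": {"total": {"value": 2}, "hits": [
    {"_source": {"timestamp": "2023-03-27T08:15:02.000+0000", "agent": {"id": "000"},
                 "rule": {"id": "100001", "level": 10,
                          "description": "Constructed: repeated SSH login failures"}}},
    {"_source": {"timestamp": "2023-03-27T07:58:40.000+0000", "agent": {"id": "000"},
                 "rule": {"id": "100002", "level": 8,
                          "description": "Constructed: new local user created"}}}]}}

if __name__ == "__main__":
    print(json.dumps(build_alert_query(7, agent_id="000"), indent=2))
    for row in summarize_hits(SAMPLE_RESPONSE):
        print(row)
```

`search_alerts` is only defined here, not called; pass it the indexer URL, a dedicated read-only account rather than `admin`, and the path to the CA that signed the indexer certificate.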

Mind A

Mar 27, 2023, 8:40:32 AM
to Wazuh mailing list
Thank you for your patient and helpful responses. I appreciate your assistance very much.

Nicolas Osvaldo Fernandez

Mar 27, 2023, 9:37:00 AM
to Wazuh mailing list
You're welcome. If you have any questions, I'm at your disposal. Regards, Nicolás