Wazuh Integration Scope

[Basim Ibrahim]

Hi Team,

Is there any way  i can limit the scope of alerts being send out via webhook?

Setup:

Alerts generated in Wazuh -> All alerts above level 3 are send to teams channel

 configured via {https://github.com/redanthrax/wazuh-teams-integration/tree/master}

use Case:

Insted of sending alerts of all agents can i set something like if agent name is Test2 then send alerts to teams else dont send keep it in wazuh console itself.

[Santiago David Vendramini]

Hello, here you can see all the configuration options of the integration module: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/integration.html. You just have to add the tag you need in the ossec.conf file in the part where you have configured this integration with Teams. For the specific scenario you are raising there is no configuration available. But we already have in our backlog an issue to be able to support this type of configurations in the future: https://github.com/wazuh/wazuh/issues/15677 .

Let me know if you need anything else! Best Regards!