How to configure alert email so that levels 3-7 send to one email and levels 8-15 send to another email.


Tran Quang Du

Nov 20, 2021, 11:27:15 AM
to Wazuh mailing list
Hi Everyone,
I have a question:
How do I configure alert email so that levels 3-7 send email to domain1.com and levels 8-15 send email to domain2.com?
Thanks

Daniel Folch

Nov 22, 2021, 3:02:29 AM
to Wazuh mailing list

Hello,

You can set multiple email_alerts sections in the ossec.conf file. This way you can configure Wazuh to send emails to different addresses depending on various conditions, such as alert level.

In your case, you will need to add this to your ossec.conf:

  <email_alerts>
    <email_to>domain1.com</email_to>
    <level>3</level>
  </email_alerts>
  <email_alerts>
    <email_to>domain2.com</email_to>
    <level>8</level>
  </email_alerts>

In these pages of our documentation you can find more information about this topic:

Regards,
Daniel Folch

Tran Quang Du

Nov 23, 2021, 8:20:16 PM
to Daniel Folch, Wazuh mailing list
Hi Daniel Folch,
I have configured the above. In my case, if the alert level is 10, it will send to 2 emails.
I think there might be another way, and I want:
If level 3-7, send to domain1.com
If level 8-16, send to domain2.com
Thank you!!



Sandra Ocando

Dec 10, 2021, 11:08:29 AM
to Wazuh mailing list
Hello!

To achieve this you can use the Wazuh integrator module and a script to send custom emails. I'm attaching a script that sends email alerts of level 7 or lower to us...@domain1.com, and level 8 or higher to us...@domain2.com.

To use this script, add the following integration in /var/ossec/etc/ossec.conf on your Wazuh manager:

  <integration>
    <name>custom-email-alerts</name>
    <level>3</level>
    <alert_format>json</alert_format>
  </integration>

Add the custom script in /var/ossec/integrations/custom-email-alerts and give it the right ownership and permissions:

  chown root:ossec /var/ossec/integrations/custom-email-alerts
  chmod 750 /var/ossec/integrations/custom-email-alerts

Modify the custom script to include your data:

  email_server = "smtp.email.com"
  email_from = "y...@example.com"
  recipient1 = "us...@domain1.com"
  recipient2 = "us...@domain2.com"

Modify the email subject and message as you wish.

Restart the Wazuh manager so changes can take effect: systemctl restart wazuh-manager

Let us know if you have any questions.

Best regards,
Sandra.
custom-email-alerts
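
The attached script is not reproduced on this page. The following is an added example, not the attached script and not Wazuh project code, showing how such an integration can send each alert to exactly one recipient by rule level. It reuses the variable names from the post above with placeholder values, and assumes the integrator passes the alert JSON file path as the first argument and that the SMTP server accepts unauthenticated mail on port 25.

```python
#!/usr/bin/env python3
"""Route Wazuh alert emails by rule level (added example, hypothetical values)."""
import json
import smtplib
import sys
from email.message import EmailMessage

# Placeholder values (assumptions): replace with your own data.
email_server = "smtp.example.com"
email_from = "wazuh@example.com"
recipient1 = "user1@domain1.example"  # levels 3-7
recipient2 = "user2@domain2.example"  # levels 8 and above


def pick_recipient(level):
    """Return exactly one recipient for a rule level, or None below level 3."""
    if level >= 8:
        return recipient2
    if level >= 3:
        return recipient1
    return None


def one_line(value):
    """Collapse whitespace, including CR/LF, so log-derived text stays in one header."""
    return " ".join(str(value).split())


def build_message(alert):
    """Build the email for one alert dict; None if the alert should not be mailed."""
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    to_addr = pick_recipient(level)
    if to_addr is None:
        return None
    agent = one_line(alert.get("agent", {}).get("name", "unknown"))
    msg = EmailMessage()
    msg["From"] = email_from
    msg["To"] = to_addr
    msg["Subject"] = f"Wazuh alert level {level} on {agent}: {one_line(rule.get('description', ''))}"
    msg.set_content(json.dumps(alert, indent=2))
    return msg


if __name__ == "__main__":
    # Assumption: argv[1] is the path of the JSON alert file written by the integrator.
    with open(sys.argv[1]) as fh:
        message = build_message(json.load(fh))
    if message is not None:
        with smtplib.SMTP(email_server, 25) as smtp:  # assumed unauthenticated relay
            smtp.send_message(message)
```

The thresholds are mutually exclusive, so a level 10 alert goes only to recipient2, unlike two email_alerts sections whose level is a minimum.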