Wazuh email alert
164 views
Skip to first unread message
Ami92
Feb 3, 2020, 2:02:54 AM2/3/20
to Wazuh mailing list
Hi All,
Can I configure custom email alert (with fancy style :-) ) in wazuh.
Thank You All.
Jose Luis Carreras Marin
Feb 3, 2020, 2:41:17 AM2/3/20
to Wazuh mailing list
Hi Ami92,
Yes, you can. You must configure the email alerts in the ossec.conf file, in the "global" section.
For example, you can set the email_alert_level to the minimum alert level that will trigger an email.
After the configuration is done, you need to restart wazuh.
Here is the documentation with another ideas for custom email alerts.
After the configuration is done, you need to restart wazuh.
Here is the documentation with another ideas for custom email alerts.
Regards,
Jose.
Amila Sampath
Feb 3, 2020, 3:39:46 AM2/3/20
to Jose Luis Carreras Marin, Wazuh mailing list
Hi Jose,
Wazuh Notification.
2020 Feb 03 03:30:14
Received From: (windows-agent-01) any->EventChannel
Rule: 60612 fired (level 3) -> "Application Installed Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."
Portion of the log(s):
{"win":{"system":{"providerName":"MsiInstaller","eventID":"11707","level":"4","task":"0","keywords":"0x80000000000000","systemTime":"2020-02-03T08:30:15.079800100Z","eventRecordID":"25797","channel":"Application","computer":"IBLT00","severityValue":"INFORMATION","message":"\"Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully.\""},"eventdata":{"binary":"7B32314137393842392D413541312D343944372D394639362D4343384231344637454145467D","data":"Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."}}}
win.system.providerName: MsiInstaller
win.system.eventID: 11707
win.system.level: 4
win.system.task: 0
win.system.keywords: 0x80000000000000
win.system.systemTime: 2020-02-03T08:30:15.079800100Z
win.system.eventRecordID: 25797
win.system.channel: Application
win.system.computer: IBLT00
win.system.severityValue: INFORMATION
win.system.message: "Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."
win.eventdata.binary: 7B32314137393842392D413541312D343944372D394639362D4343384231344637454145467D
win.eventdata.data: Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully.
--END OF NOTIFICATION
Thank You very much for quick response. I already config by using documentation.This is the output of the windows agent, I installed the software on it. Can I create it with eye catching content :-) :-)
Wazuh Notification.
2020 Feb 03 03:30:14
Received From: (windows-agent-01) any->EventChannel
Rule: 60612 fired (level 3) -> "Application Installed Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."
Portion of the log(s):
{"win":{"system":{"providerName":"MsiInstaller","eventID":"11707","level":"4","task":"0","keywords":"0x80000000000000","systemTime":"2020-02-03T08:30:15.079800100Z","eventRecordID":"25797","channel":"Application","computer":"IBLT00","severityValue":"INFORMATION","message":"\"Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully.\""},"eventdata":{"binary":"7B32314137393842392D413541312D343944372D394639362D4343384231344637454145467D","data":"Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."}}}
win.system.providerName: MsiInstaller
win.system.eventID: 11707
win.system.level: 4
win.system.task: 0
win.system.keywords: 0x80000000000000
win.system.systemTime: 2020-02-03T08:30:15.079800100Z
win.system.eventRecordID: 25797
win.system.channel: Application
win.system.computer: IBLT00
win.system.severityValue: INFORMATION
win.system.message: "Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully."
win.eventdata.binary: 7B32314137393842392D413541312D343944372D394639362D4343384231344637454145467D
win.eventdata.data: Product: McAfee Endpoint Security Threat Prevention -- Installation operation completed successfully.
--END OF NOTIFICATION
Thank You.
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/933e785f-014f-49ff-8507-2c2c3559079c%40googlegroups.com.
Jose Luis Carreras Marin
Feb 3, 2020, 9:38:25 AM2/3/20
to Wazuh mailing list
Hi Amy92,
I'm sorry to tell you that wazuh doesn't have any tools to custom format the alerts.
Regards,
Jose.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages