Append Wazuh index via cURL with Authentication token


Iker Vellarino

Sep 4, 2023, 9:51:07 AM
to Wazuh | Mailing List
Hello Wazuh Community!

I have a .json file called AlertsTest, which contains some test alerts that I want to append to a certain index, for example, let's say "wazuh-alerts-4.x-2023.08.24."

I tried it with basic authentication, and it works. Here is the command:

curl -X POST -k "https://<IP>:9200/wazuh-alerts-4.x-2023.08.24/_doc" -H "Content-Type: application/json" -d @AlertsTest.json --user <user>:<password>

Now, the thing is that I want to know if there is any way of doing this with an Authentication Token or similar method on OpenSearch.

I am conducting these tests in a Virtual Machine with the following versions:
- Wazuh-manager: 4.3.5
- Wazuh-indexer: 4.3.5
- Wazuh-dashboard: 4.3.5
- Filebeat: 7.10.2

Thanks & Regards

Jesus Linares

Sep 4, 2023, 12:30:00 PM
to Wazuh | Mailing List
Hi Iker,

Here, you can see various methods for authenticating with the indexer: OpenSearch Authentication Documentation. Currently, you are utilizing basic authentication, but you have the option to switch to JWT (JSON Web Token) authentication. With JWT, you can employ the "Authorization: Bearer" header for authentication.

Additionally, another option you can explore is configuring Filebeat to read the JSON file you mentioned, in addition to the standard "alerts.json" file (or with a second Filebeat). This allows you to ingest data from both sources seamlessly.

I hope it helps.
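
The JWT option mentioned in the reply above, as an added example that is not part of the original thread or of Wazuh's own code: it mints a short-lived HS256 token with the Python standard library, checks it locally, and builds the same `_doc` POST with an `Authorization: Bearer` header in place of `--user`. It assumes the indexer's security configuration has a JWT authentication domain enabled that shares an HMAC signing key with this script and reads the `sub` and `roles` claims; the host `indexer.example`, subject `alert-loader`, role `wazuh_ingest` and the sample alert are hypothetical.

```python
import base64, hashlib, hmac, json, time
import urllib.request

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_jwt(secret: bytes, subject: str, roles: list, ttl: int = 300, now=None) -> str:
    """Return a short-lived HS256 JWT carrying the subject and backend roles."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    # Assumption: the indexer's JWT domain reads "sub" and "roles" as claim names.
    claims = {"sub": subject, "roles": roles, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Local sanity check of signature and expiry; returns the claims."""
    now = int(time.time()) if now is None else now
    signing_input, _, sig = token.rpartition(".")
    expected = _b64url(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    payload = signing_input.split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims["exp"] <= now:
        raise ValueError("token expired")
    return claims

def build_index_request(base_url: str, index: str, doc: dict, token: str):
    """Build POST <base_url>/<index>/_doc with a bearer token instead of --user."""
    return urllib.request.Request(
        f"{base_url}/{index}/_doc",
        data=json.dumps(doc).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})

if __name__ == "__main__":
    secret = b"constructed-demo-secret-not-for-production"  # constructed sample key
    token = mint_jwt(secret, "alert-loader", ["wazuh_ingest"])  # hypothetical names
    req = build_index_request("https://indexer.example:9200",  # hypothetical host
                              "wazuh-alerts-4.x-2023.08.24",
                              {"rule": {"id": "100001", "level": 3}}, token)
    print(req.get_method(), req.full_url)
    print(verify_jwt(token, secret)["sub"])
```

To send the request, pass it to `urllib.request.urlopen` with an `ssl` context that trusts the indexer's CA certificate, so that certificate verification stays on.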

