• Home
• App Integrations
• SIEM Integrations
• Wazuh SIEM Integration

Wazuh SIEM Integration Setup

---

Wazuh is an open-source platform for threat detection, analysis log data, and compliance that integrates with SIEM. miniOrange provides secure access and full control to Wazuh for enterprises and applications. With the help of the given guide you can configure Wazuh easily.

1. Create a user account for API authentication

• Log into your Wazuh dashboard as an admin.
• Click on the hamburger menu icon present on the left top section.
• Navigate to Server Management > Security.
• Click on the Create User button under the User tab.
• Provide any username and password.
• You can keep the Allow run as option disabled.
• Select the user role as administrator and click on the Apply button.



• Configure the above username and password in miniOrange to sync the audit logs.

2. Add a rule to use JSON decoder

• From your Wazuh admin dashboard, open the left menu option.
• Navigate to Server Management > Rules.
• Click on the Add new Rules file button.



• Provide any file name and add the following rules in the provided area:

                
                  <group name="audit">
                    <rule id="222001" level="4">
                      <decoded_as>json</decoded_as>
                      <description>miniOrange Audit messages</description>
                    </rule>
                  </group>
                
              

  
  

  Note: If the rule id 222001 is already assigned to a different rule in your Wazuh instance, you can set any other rule id above. You can also change the log level as per your requirement.

  
  



• Finally click on the Save button.
• After saving, click on the Restart button when prompted on your Wazuh dashboard.

3. Enabling Event Forwarding

• Share the following information with us and we will enable the event forwarding to your Wazuh instance:
• Username and Password of the newly created user.
• Server IP and Port to forward the events.