Threat intelligence


I would like to integrate threat intelligence with wazuh. How can I do that.

what are the ways to archive this ?

I have deployed the hive , cortex and MISP for threat intelligence but do not know how to integrate with wazuh. Can some one please help if they know how to do this.

I have all in one deployment of elk with wazuh.


I am not sure we directly have a lot of experience with wazuh doing this, but there may be community members that have it that can hopefully share something.

Is there a reason you aren't using Elastic Security to do this?

I do not know what is elastic security and what is difference between Elastic Security and TheHive,Misp ?

Can you please share something about Elastic security ?
Also is it free or paid ?

Are you using Elastic distribution of Elasticsearch or are you using the Wazuh distribution, which uses Opensearch?

Those are completely different things.

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

I am using wazuh distribution : All-in-one deployment - Installing Wazuh with Elastic Stack

The Wazuh Distribution uses Opensearch, which is a fork of an old version of Elasticsearch, version 7.10.

Opensearch is not supported here as it has a lot of changes made mainly by Amazon, you will need to direct your question to a Wazuh forum or an Opensearch forum.

There's a fair bit in our Security offering, Security solution unifying SIEM, endpoint & cloud | Elastic goes into it and there is a lot of free functionality.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.