WAZUH OSSEC Plugin / integration with ELK

Hi Team,

I deployed ELK (Single Server Architecture) on Ubuntu and am currently exploring the steps for integrating the WAZUH OSSEC framework. Can anyone please share the steps or documentation for the same?

Thanks.

Hi Gan,

I think you will have better luck looking through https://wazuh.com and their documentation.

Alternatively, please try to formulate more concrete questions with regards to what exactly you want to do and what are the issues/problems you are facing so that maybe someone who has done something similar can assist you.

Hi Ikakavas,

Thanks for the reply.

I'm trying to explain my requirement once again. Currently I have installed ELK on an Ubuntu server and am collecting syslogs from various devices and visualizing the same in Kibana. This is working as expected; there is no issue.

Moving further, I would like to enable the OSSEC (WAZUH) plugin in ELK for enabling security analytics (like threat hunting, PCI DSS compliance, etc.). I need your team's assistance on how to integrate WAZUH with ELK.

As you suggested, I have gone through the WAZUH documentation already. Their documentation only talks about integrating ELK with WAZUH, not the other way.

Thanks.

Elastic does not offer a WAZUH plugin; as such, we do not have any documentation for that plugin or on how to integrate WAZUH.

The structure of this forum doesn't make it very probable that someone will write a step-by-step integration guide for you, so my suggestion would be that you break down your use case into small questions and try to get answers for them. As in: try to do something and if/when that fails, ask how X or Y can be resolved.

As I mentioned earlier, it is much more probable that you will get answers from the WAZUH community, and you should start with their documentation and issue tracker. Have you seen https://github.com/wazuh/wazuh-kibana-app for instance?

Thanks, will check the link.
