Wazuh

Parny supports direct integration with Wazuh alerts. Wazuh is a network and system monitoring tool that can create alarms to detect and prevent potential problems. This documentation explains how to redirect alarms created in Wazuh to a webhook using Parny.

Parny Settings

1. Go to the Parny interface.

2. Navigate to the "Services" section of your organization.

3. Click on the "New Services" option in the upper right corner.

4. Enter the relevant service name.

Service Name Usage: The service name here is independent of the structure and can be chosen according to the preferences of the organization.

5. Select Wazuh from the list of integrations.

6. Click "Add".

7. After the service is created, the following screen will appear.

• You can now click on the token section of your service and copy your Wazuh Webhook URL.

Wazuh Configuration

1. Access the ossec.conf file located at /var/ossec/etc on the Wazuh manager.

1. Add the integration as shown, and replace your_parny_service_token_here with the token you copied in the first step:

    <integration>
        <name>custom-parny-integration</name>
        <hook_url>your_parny_service_token_here</hook_url>
        <alert_format>json</alert_format>
    </integration>

3. Under /var/ossec/integrations, create a Python file named custom-parny-integration and paste the provided code.

     #!/usr/bin/env python3
     import sys
     import json
     from requests import post

     # Read configuration parameters
     alert_file = open(sys.argv[1])
     hook_url = sys.argv[3]

     # Read the alert file
     alert_json = json.loads(alert_file.read())
     alert_file.close()

     post(hook_url, json=alert_json)

     sys.exit(0)

4. Ensure Python 3+ and pip are installed:

sudo apt-get install python3 python3-pip

5. Install the requests library with pip:

pip3 install requests

6. Restart the Wazuh manager. Depending on your system:

   • For systemd: systemctl restart wazuh-manager

   • For sysv init: service wazuh-manager restart

With these settings, your Wazuh alarms will be forwarded to Parny, allowing you to manage them alongside your other alerts within your organization's Parny interface.