XML section name
This configures the manager to connect Wazuh to external APIs and alerting tools such as Slack and PagerDuty.
This indicates the type of the service to integrate with.
|Allowed values||slack, pagerduty|
This is the URL provided by Slack when integration is enabled on the Slack side. This is mandatory for Slack.
|Allowed values||Slack URL|
This is the key that you would have retrieved from the PagerDuty API. This is mandatory for PagerDuty.
You must restart Wazuh after changing this configuration.
|Allowed values||PagerDuty API key|
This filters alerts by rule level. It will push only alerts with the specified level or above.
|Allowed values||Any alert level from 0 to 16|
This filters alerts by rule ID.
|Allowed values||Comma-separated rule IDs|
This filters alerts by rule group. For the VirusTotal integration, only rules from the syscheck group are available.
|Allowed values||Any rule group or comma-separated rule groups.|
Note that every group must end with a comma.
Example of configuration
<integration>
  <name>slack</name>
  <hook_url>https://hooks.slack.com/services/T000/B000/XXXXX</hook_url>
  <level>10</level>
  <group>multiple_drops,|authentication_failures,</group>
</integration>
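The constraints listed above can be checked before restarting the manager. The following linter is an added example, not part of the Wazuh documentation or code base; the function names are hypothetical, and it assumes the PagerDuty key and rule ID options are written as `<api_key>` and `<rule_id>` elements, which the example above does not show.

```python
import xml.etree.ElementTree as ET

ALLOWED_NAMES = {"slack", "pagerduty"}  # allowed values listed on this page
REQUIRED_BY_NAME = {"slack": "hook_url", "pagerduty": "api_key"}

def text_of(block, tag):
    return (block.findtext(tag) or "").strip()

def lint_integration(block):
    """Return a list of problems found in one <integration> element."""
    problems = []
    name = text_of(block, "name")
    if name not in ALLOWED_NAMES:
        problems.append(f"name {name!r} is not one of {sorted(ALLOWED_NAMES)}")
    required = REQUIRED_BY_NAME.get(name)
    if required and not text_of(block, required):
        problems.append(f"<{required}> is mandatory for {name}")
    level = text_of(block, "level")
    if level and not (level.isdecimal() and 0 <= int(level) <= 16):
        problems.append(f"level {level!r} is outside 0 to 16")
    rule_id = text_of(block, "rule_id")
    if rule_id and not all(p.strip().isdecimal() for p in rule_id.split(",")):
        problems.append(f"rule_id {rule_id!r} is not comma-separated rule IDs")
    # The page's example separates groups with "|"; each one must end with ",".
    group = text_of(block, "group")
    if group and not all(g.endswith(",") for g in group.split("|")):
        problems.append(f"group {group!r} has a group without a trailing comma")
    return problems

def lint_config(xml_text):
    """Lint every <integration> block in a configuration fragment."""
    # A config file may hold several top-level elements, so wrap them in one root.
    root = ET.fromstring(f"<root>{xml_text}</root>")
    return [lint_integration(b) for b in root.iter("integration")]

# Constructed sample: the page's example followed by a deliberately broken block.
SAMPLE = """
<integration>
  <name>slack</name>
  <hook_url>https://hooks.slack.com/services/T000/B000/XXXXX</hook_url>
  <level>10</level>
  <group>multiple_drops,|authentication_failures,</group>
</integration>
<integration><name>pagerduty</name><level>17</level><group>syscheck</group></integration>
"""

if __name__ == "__main__":
    for n, problems in enumerate(lint_config(SAMPLE), 1):
        print(n, problems or "ok")
```
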