Setting up the app

Follow these steps to register the Wazuh RESTful API with the Wazuh app in Kibana:

  1. Open a web browser and go to the Kibana's IP address on port 5601 (default Kibana port). Then, from the left menu, click on the Wazuh app icon.

  1. Open the Settings page with the gear icon on the top right corner (the first time you open the app, you’ll be automatically redirected to Settings). Click on the Add new API button to open the form.

  1. To protect your Wazuh API, before filling out the fields, open a terminal on your Wazuh manager and, using the root user, replace the default credentials with your desired username where myUsername is shown below:

# cd /var/ossec/api/configuration/auth
# node htpasswd -c user myUserName

Do not forget to restart the API to apply the changes with these commands:

# systemctl restart wazuh-api
or
# service wazuh-api restart
  1. Fill in the Username and Password fields with the credentials you created in the previous step. Enter http://MANAGER_IP for the URL field where MANAGER_IP is the real IP address of the Wazuh manager and enter "55000" for the Port field.

Note

If you have followed Setting up SSL and authentication for Kibana, the URL must be set as https://localhost.

  1. Click on the Save API button to store it. Now you can navigate to the other app sections, like Overview, and start visualizing your alerts.

If you want to learn more about the app capabilities, go to the App features section to see useful information about it.