Follow these steps to register the Wazuh RESTful API with the Wazuh app in Kibana:
Open a web browser and go to the Kibana’s IP address on port 5601 (default Kibana port). Then, from the left menu, click on the Wazuh app icon.
Open the Settings page with the gear icon on the top right corner (the first time you open the app, you’ll be automatically redirected to Settings). Click on the
Add new APIbutton to open the form.
To protect your Wazuh API, before filling out the fields, open a terminal on your Wazuh manager and, using the
rootuser, replace the default credentials with your desired username where
myUsernameis shown below:
# cd /var/ossec/api/configuration/auth # node htpasswd -c user myUserName
Do not forget to restart the API to apply the changes with these commands:# systemctl restart wazuh-api or # service wazuh-api restart
Fill in the Username and Password fields with the credentials you created in the previous step. Enter
http://MANAGER_IPfor the URL field where
MANAGER_IPis the real IP address of the Wazuh manager and enter “55000” for the Port field.
If you have followed Setting up SSL and authentication for Kibana, the URL must be set as
Click on the
Save APIbutton to store it. Now you can navigate to the other app sections, like Overview, and start visualizing your alerts.
If you want to learn more about the app capabilities, go to the App features section to see useful information about it.