The Wazuh API is an open source RESTful API that allows interaction with the Wazuh manager from a web browser, a command-line tool such as cURL, or any script or program able to make web requests. The Wazuh UI relies on the Wazuh API and the ultimate goal of Wazuh is to accommodate complete remote management of its infrastructure via the Wazuh UI. Use the Wazuh API to easily perform everyday actions such as adding an agent, restarting the manager(s) or agent(s), or looking up syscheck details.
Here is a list of the Wazuh API capabilities:
- Manager control and overview
- Cluster control and overview
- Syscheck control and search
- MITRE ATT&CK and CIS-CAT overview
- Testing and verification of rules and decoders
- Access restriction and security (RBAC)
- API management (HTTPS, configuration)
- Query remote configuration
For more details, check out the Use Cases.
- Getting started
- Securing the Wazuh API
- Migrating from the Wazuh API 3.X
- Role-Based Access Control
- Filtering data using queries