Integration with external APIs

The Integrator is a new daemon that allows Wazuh to connect to external APIs and alerting tools such as Slack and PagerDuty.

New in version 3.0.0.

A new integration has been developed in Wazuh 3.0 that allows for the inspection of malicious files using the VirusTotal database.

The complete documentation of this new feature can be found at the VirusTotal integration section.


The Integrator is not enabled by default. To enable it and restart Wazuh, run the following commands:

# /var/ossec/bin/ossec-control enable integrator
# /var/ossec/bin/ossec-control restart

Integrations are configured in the etc/ossec.conf file, which is located inside your Wazuh installation directory. To configure an integration, add the following inside <ossec_config> </ossec_config>:

  <integration>
     <name> </name>
     <hook_url> </hook_url>
     <api_key> </api_key>

     <!-- Optional filters -->

     <rule_id> </rule_id>
     <level> </level>
     <group> </group>
     <event_location> </event_location>
  </integration>
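
The following Python script is an added example, not part of the Wazuh documentation or code base. It audits the integration blocks described above and flags any block with no name, no hook_url or api_key, no optional filter, or a non-numeric level. The sample configuration, its placeholder URL and the function name audit_integrations are constructed for illustration, and the rule that a block needs at least one of hook_url or api_key is an assumption.

```python
import xml.etree.ElementTree as ET

# Optional filter elements listed on this page.
FILTERS = ("rule_id", "level", "group", "event_location")
# Elements that carry a credential for the external service.
SECRETS = ("hook_url", "api_key")

# Constructed sample; the URL is a placeholder, not a real webhook.
SAMPLE_CONF = """
<ossec_config>
  <integration>
    <name>slack</name>
    <hook_url>https://hooks.example.invalid/PLACEHOLDER</hook_url>
    <level>10</level>
  </integration>
  <integration>
    <name>pagerduty</name>
    <api_key></api_key>
  </integration>
</ossec_config>
"""

def _text(node, tag):
    """Return the stripped text of a child element, or '' if absent or empty."""
    return (node.findtext(tag) or "").strip()

def audit_integrations(conf_text):
    """Return a list of (integration name, finding) tuples."""
    # Wrap the text so more than one top-level <ossec_config> block still parses.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    findings = []
    for node in root.iter("integration"):
        name = _text(node, "name") or "(unnamed)"
        if name == "(unnamed)":
            findings.append((name, "missing <name>"))
        if not any(_text(node, tag) for tag in SECRETS):
            findings.append((name, "no hook_url or api_key set"))
        if not any(_text(node, tag) for tag in FILTERS):
            findings.append((name, "no optional filter set"))
        level = _text(node, "level")
        if level and not level.isdigit():
            findings.append((name, "level is not a number"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_integrations(SAMPLE_CONF):
        print(f"{name}: {finding}")
```

To audit a live configuration, pass the contents of etc/ossec.conf to audit_integrations in place of the sample.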

Integration with Slack


Integration with PagerDuty


Integration with VirusTotal