What is Wazuh Security Monitoring Solution? #
Wazuh Security Monitoring Solution includes an endpoint security agent (provides XDR capabilities) that is deployed to the monitored systems and a server that collects and analyzes data gathered by the agents (provides SIEM capabilities).
Why Should You Use the Wazuh Security Monitoring Solution Connector? #
The Wazuh Security Monitoring Solution connector provides visibility into the assets in your environment. You can use this visibility to:
-
ensure assets are managed per your security policies
-
derive relationships between assets, users, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the Wazuh Security Monitoring Solution REST API and ingests only meta-data about Wazuh Security Monitoring Solution devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
Field |
Description |
Example |
---|---|---|
Host |
The hostname of the server for Wazuh Security Monitoring Solution. |
lucidum.wazuh.com |
Port |
The port on the Wazuh Security Monitoring Solution server. Default port is 55000 |
55000 |
Username |
User name for a Wazuh Security Monitoring Solution account with read access to API data. |
justynmutts |
Password |
The password for a Wazuh Security Monitoring Solution account with read access to API data. |
************ |
Source Documentation #
Creating Credentials #
Follow these steps to create a read-only user in Wuzuh. The Lucidum connector uses this account:
API Documentation #
https://documentation.wazuh.com/current/user-manual/api/reference.html#section/Authentication