Installing the Wazuh agent ensures that events are properly sent to the Wazuh XDR server.
¶ Install the Wazuh agent on your Artica server
- Check this article in order to install the Wazuh Agent inside your Artica server
¶ Check the Wazuh server
- On the Wazuh server, ensure the parameters
logall,logall_jsonare turned toyes
<ossec_config> <global> <jsonout_output>yes</jsonout_output> <alerts_log>yes</alerts_log> <logall>yes</logall> <logall_json>yes</logall_json>…
- Restart the wazuh services:
root@wazuh:~# service wazuh-manager restartroot@wazuh:~# service wazuh-indexer restart
¶ Check events
You will find events in the Threat Hunting section of your remote IDS Artica server with the rule.groups:suricata
