CloudAware can monitor specific criteria in your logs or IDS events, create incidents in the CMDB and notify you by email. Use the Watcher functionality to create actions based on conditions that are periodically evaluated by running queries against your data in Wazuh.
Use case: you need alerts based on Windows event log entries collected in Wazuh, e.g. the creation of new AWS EC2 Security Groups.
Cloudaware Incident Webhook
Treating the state in which a watcher has triggered as an incident, we can use the Cloudaware Incident Webhook integration: every time a watcher in Wazuh detects the event, a Cloudaware incident is created.
1. Log in to your CloudAware account → Admin.
...
4. Check the status of your integration:
...
Create A Watcher
1. Log in to your Wazuh application using Cloudaware Launcher. Select Management → Watcher (under Elasticsearch) → Create → Create advanced search.
...
2. Give your watcher a meaningful Name and ID.
...
3. Click Create Watch.
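The watch definition that the advanced watch editor expects, shown as an added Python example (not code from this page, Cloudaware or Wazuh) that builds the Elasticsearch Watcher body and evaluates its trigger condition locally. The webhook host and path, the Wazuh rule id, the `wazuh-alerts-*` index pattern and the `rule.id` and `timestamp` fields are assumptions to replace with your own values.

```python
import json

# Constructed placeholders: take the real values from the Cloudaware Incident
# Webhook integration page (assumption: the endpoint accepts a JSON POST).
CLOUDAWARE_WEBHOOK_HOST = "cloudaware.example"
CLOUDAWARE_WEBHOOK_PATH = "/webhook/PLACEHOLDER-INCIDENT-TOKEN"
WAZUH_RULE_ID = "PLACEHOLDER-RULE-ID"  # assumed Wazuh rule id for the event of interest


def build_watch(rule_id=WAZUH_RULE_ID, interval="5m", window="5m"):
    """Watcher body: every `interval`, search Wazuh alerts from the last `window`
    for `rule_id`; if any match, POST them to the Cloudaware incident webhook."""
    return {
        "trigger": {"schedule": {"interval": interval}},
        "input": {"search": {"request": {
            "indices": ["wazuh-alerts-*"],  # assumed Wazuh alert index pattern
            "body": {"size": 10, "query": {"bool": {"filter": [
                {"term": {"rule.id": rule_id}},
                # 'timestamp' is assumed to be the Wazuh alert date field
                {"range": {"timestamp": {"gte": "now-" + window}}},
            ]}}},
        }}},
        # Run the action only when the search returned at least one alert.
        "condition": {"compare": {"ctx.payload.hits.total": {"gte": 1}}},
        "actions": {"cloudaware_incident": {"webhook": {
            "scheme": "https",
            "host": CLOUDAWARE_WEBHOOK_HOST,
            "port": 443,
            "method": "post",
            "path": CLOUDAWARE_WEBHOOK_PATH,
            "headers": {"Content-Type": "application/json"},
            # Mustache template: the matching alerts become the incident payload.
            "body": "{{#toJson}}ctx.payload.hits.hits{{/toJson}}",
        }}},
    }


def condition_met(payload):
    """Evaluate the watch's compare condition locally against a search response
    (ctx.payload); hits.total is an int on ES 6 and {"value": n, ...} on ES 7."""
    total = payload["hits"]["total"]
    if isinstance(total, dict):
        total = total["value"]
    return total >= 1


def watch_json(**kwargs):
    """JSON text to paste into the Kibana advanced watch editor."""
    return json.dumps(build_watch(**kwargs), indent=2)
```

Before saving the watch, use the Simulate tab to confirm the search input returns the expected Wazuh alerts and that the condition evaluates to true only when they exist.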
Configure A Workflow Rule
Go back to your CloudAware account and click Setup in the main menu under your username.
...
Review the workflow and click Done.
Activate the workflow.
Check creation of Cloudaware Incidents in CMDB
Go to CMDB Navigator, start typing "incidents" in the search bar and select CloudAware Incidents.