
CloudAware can monitor specific criteria in your logs or IDS events, create incidents in CMDB and notify you via email. Use the watcher functionality to create actions based on conditions that are periodically evaluated by running queries against your data in Wazuh.

Use case: you need to get alerts based on log entries from the Windows event log in Wazuh, e.g. creation of new AWS EC2 Security Groups.

Cloudaware Incident Webhook


Treating the state in which a watcher is triggered as an incident, we can use the Cloudaware Incident Webhook integration.

1. Log in to your CloudAware account → Admin.

2. Scroll down to Other integrations → CloudAware Incident Webhook. Click +Add.

3. Type the Name for your Integration. Click Save.

Note: in our case

Create A Watcher

1. Log in to your Wazuh application using Cloudaware Launcher. Select Management → Watcher (under ElasticSearch) → Create → Create advanced search.

Note: You can contact your Cloudaware dedicated account manager via tam@cloudaware.com to request a watcher based on your use case.

2. Set up a meaningful Name and ID for your watcher.

3. Click Create Watch.
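The watch body below is an added example of what the advanced watch for this use case can look like; it is not part of the original page or Cloudaware's own configuration. It assumes a Wazuh alerts index pattern of wazuh-alerts-*, the Wazuh AWS/CloudTrail field data.aws.eventName, a timestamp field named timestamp, Elasticsearch 6.x (where hits.total is a number), and a placeholder webhook URL and JSON body to be replaced with the values shown by the Cloudaware Incident Webhook integration.

```json
{
  "trigger": { "schedule": { "interval": "5m" } },
  "input": {
    "search": {
      "request": {
        "indices": ["wazuh-alerts-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "data.aws.eventName": "CreateSecurityGroup" } },
                { "range": { "timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 0 } }
  },
  "actions": {
    "cloudaware_incident": {
      "throttle_period": "5m",
      "webhook": {
        "method": "POST",
        "url": "https://WEBHOOK-URL-PLACEHOLDER",
        "headers": { "Content-Type": "application/json" },
        "body": "{\"subject\": \"New AWS EC2 Security Group created\", \"matches\": {{ctx.payload.hits.total}}}"
      }
    }
  }
}
```

The range filter matches the schedule interval so each run only inspects new alerts, and throttle_period stops the action from firing again (and creating duplicate incidents) while the same condition keeps holding; on Elasticsearch 7.x the condition must compare ctx.payload.hits.total.value instead.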

Configure A Workflow Rule


Go back to your CloudAware account. Click Setup in the main menu under your username.

In the Quick Find box start typing "workflows" to select Workflows & Approvals → Workflow Rules → New Rule.

Select CloudAware Incident as the object for the rule to be applied to and click Next.

Add Rule Name (1), set Evaluation Criteria (2) and Rule Criteria (3). Add Filter Logic if necessary. Click Save & Next.

Note: In this use case we set up email alerts for creation of new AWS EC2 Security Groups. Every time a new AWS EC2 Security Group is created, the watcher is triggered and creates an incident in Cloudaware. The workflow rule then acts on that incident by sending the email alert.

Add Workflow Action → New Email Alert

Add description. Add users from the list of Available Recipients and additional email addresses if necessary.

Insert an existing email template in Email Template. You can also create a new one: Setup → Communication Templates → Classic Email Templates → New Template → Text → Save ('Available For Use' should be checked beforehand).

Go back to the Edit Email Alert form and click Save.

Review the workflow and click Done.

Activate the workflow.

Check creation of Cloudaware Incidents in CMDB

Go to CMDB Navigator. Start typing incidents in the search bar and select CloudAware Incidents.

Email Alert Example

