Skip to main content
Skip table of contents

Wazuh

What is Wazuh Security Monitoring Solution?

Wazuh Security Monitoring Solution includes an endpoint security agent (provides XDR capabilities) that is deployed to the monitored systems and a server that collects and analyzes data gathered by the agents (provides SIEM capabilities).

Why Should You Use the Wazuh Security Monitoring Solution Connector?

The Wazuh Security Monitoring Solution connector provides visibility into the assets in your environment. You can use this visibility to:

  • ensure assets are managed per your security policies

  • derive relationships between assets, users, applications, and data

How Does This Connector Work?

Lucidum executes read-only requests to the Wazuh Security Monitoring Solution REST API and ingests only meta-data about Wazuh Security Monitoring Solution devices. Lucidum does not retrieve any data stored on your assets.

Configuring the Connector in Lucidum

Field

Description

Example

Host

The hostname of the server for Wazuh Security Monitoring Solution.

lucidum.wazuh.com

Port

The port on the Wazuh Security Monitoring Solution server. Default port is 55000

55000

Username

User name for a Wazuh Security Monitoring Solution account with read access to API data.

 justynmutts

Password

The password for a Wazuh Security Monitoring Solution account with read access to API data.

************

Source Documentation

Creating Credentials

Follow these steps to create a read-only user in Wuzuh. The Lucidum connector uses this account:

https://documentation.wazuh.com/current/user-manual/user-administration/rbac.html#creating-and-setting-a-wazuh-read-only-user

API Documentation

https://documentation.wazuh.com/current/user-manual/api/reference.html#section/Authentication

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.