Integrated Ansible AWX with Wazuh

Hello community,

Has anyone integrated Ansible AWX with Wazuh?

Wazuh will be used to monitor workstations and send vulnerability alerts, while Ansible AWX with Chocolate will automatically apply patches and software updates in response to these alerts.

Can someone guide me on how to proceed with the integration of Wazuh with AWX?


Depending on the setup and how Wazuh gives you alerts, you can have Wazuh send an API call to launch a job template that runs those patches and updates.

Hello,

Thanks for answering.

Do you know how to do the integration?

Perhaps through webhooks an effective integration between Wazuh and AWX can be established for automated vulnerability management in an IT environment?

I do not. I have not used Wazuh before.

Have you used any software for detecting vulnerabilities and integrating them with Ansible for software management on workstations?

Yes, but I was using Insights, and that’s on the RHEL side. Insights integrates very well with Ansible/AAP. I used other tools a long time ago, and doing webhooks/API was the only option. Besides that, running the playbook on a schedule if you know those hosts are affected.

Yeah, for me too - I’m testing multiple logging collectors for AWX and trying Wazuh too right now.

From what I can tell, Wazuh mainly actively scans local files on the clients via SSH or an agent, but with the AWX container I can’t even really tell where to find the log files and if it’s even advisable to play around in the container, because AWX isn’t designed for you to edit the default “local” setup, but to go through customize or the docker compose YAML file.
I’ll try to get some more info via Slack and share it here.

The method of just dumping logs into Wazuh leads via another server with something like rsyslog, where you dump your stuff from AWX and install the Wazuh agent there - you cannot install the agent on the same machine where you installed the Wazuh server! The agent install kills your server install - I had this experience hoping I could run everything on one machine - can’t tell if the Wazuh server could use logs from localhost without an agent…

I’m not familiar with Wazuh, but if it has centralized alerting/logging and/or can send API/Webhooks, then there’s a few ways you might be able to integrate with AWX.

As @iyami5 suggested, sending a webhook from Wazuh to AWX to trigger a job template could work. It depends a little bit on what data Wazuh sends in the payload that will determine how useful this could be.

Another option is to use EDA-Server. If you’re using AWX on k8s, then you can deploy the EDA-Server-Operator side-by-side with AWX. If I recall correctly, you can send Webhooks directly to EDA instead of AWX, but even if not, EDA can listen to various data sources for certain events. This is where having some centralized logging/alerting source for Wazuh would be handy; EDA would listen for the events and trigger jobs in AWX (with a little more advanced control of the job, I think, than if Wazuh triggers AWX directly).

Unfortunately, I don’t have any real experience with this kind of integration to help you further. I just know that there’s tools available for this sort of thing.

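The webhook/API approach suggested in this thread, as an added example (not code from any poster, Wazuh or AWX): a Wazuh custom integration script that turns a vulnerability alert into a call to AWX's job template launch endpoint, validating the alert fields first because they come from the endpoint and end up in the job's `limit` and `extra_vars`. The alert field names, the script argument order, the variable names `pkg_name`/`cve` and template id 42 are assumptions; the sample alert is constructed.

```python
import json
import re
import sys
import urllib.request

# Allow-lists for values that will steer an AWX job (assumed naming conventions).
SAFE_HOST = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")
SAFE_PKG = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._+-]{0,99}")
SAFE_CVE = re.compile(r"CVE-\d{4}-\d{4,}")
MIN_SEVERITY = {"High", "Critical"}
# Constructed sample; field layout of a Wazuh vulnerability alert is assumed.
SAMPLE_ALERT = {"agent": {"name": "ws-0142"}, "data": {"vulnerability": {
    "cve": "CVE-2099-0001", "severity": "High", "package": {"name": "7zip"}}}}


def build_launch(alert):
    """Map one alert to an AWX launch body, or None if it must not trigger a job."""
    vuln = alert.get("data", {}).get("vulnerability", {})
    host = str(alert.get("agent", {}).get("name", ""))
    pkg = str(vuln.get("package", {}).get("name", ""))
    cve = str(vuln.get("cve", ""))
    if vuln.get("severity") not in MIN_SEVERITY:
        return None
    # An unchecked limit such as "all", "*" or "a:&b" would widen the job's
    # target set; unchecked extra_vars could carry template syntax.
    ok = (SAFE_HOST.fullmatch(host) and host.lower() not in {"all", "ungrouped"}
          and SAFE_PKG.fullmatch(pkg) and SAFE_CVE.fullmatch(cve))
    if not ok:
        return None
    return {"limit": host, "extra_vars": {"pkg_name": pkg, "cve": cve}}


def launch(body, awx_url, token, template_id):
    """POST to the job template launch endpoint; TLS verification stays on."""
    req = urllib.request.Request(
        f"{awx_url.rstrip('/')}/api/v2/job_templates/{int(template_id)}/launch/",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.status


if __name__ == "__main__":
    # Assumed call convention: script <alert_file> <api_key> <hook_url>
    with open(sys.argv[1]) as fh:
        body = build_launch(json.load(fh))
    if body:
        launch(body, sys.argv[3], sys.argv[2], template_id=42)  # placeholder id
```

AWX only honours `limit` and `extra_vars` when the job template has "Prompt on launch" enabled for them, and the token should belong to a user with execute permission on that one template only.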