deepfence / ThreatMapper

Open Source Cloud Native Application Protection Platform (CNAPP)
https://deepfence.io
Apache License 2.0

Threatmapper and Wazuh SIEM integration #2041

Open whatsinthisbox opened 6 months ago

whatsinthisbox commented 6 months ago

Problem: Existing Wazuh SIEM users lack seamless integration with ThreatMapper, hindering efficient correlation and analysis of vulnerability data.

Solution: Implement native integration between ThreatMapper and Wazuh SIEM, allowing automatic ingestion of vulnerability information into Wazuh's indexing platform (e.g., OpenSearch).

Components/Services:

API/Backend

Deployment/YAMLs

Proposed Workflow:

1. ThreatMapper identifies vulnerabilities across assets (hosts, Docker images and containers).
2. Vulnerability data is formatted and ingested into the Wazuh SIEM indexer (OpenSearch).
3. Wazuh indexes and correlates this data with existing security event data.
4. Security analysts leverage Wazuh's dashboard and querying capabilities for comprehensive threat analysis and response.

Additional Context: This integration streamlines vulnerability management, enhancing security posture by providing centralized visibility and facilitating prioritized remediation efforts.

ibreakthecloud commented 6 months ago

@whatsinthisbox ThreatMapper today does not have a direct integration with Wazuh, but I do think it can be done using the HTTP Endpoint integration if Wazuh has an ingestion endpoint available. If that does not work for you, we can always keep this issue open until we implement this.
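The workaround suggested above (ThreatMapper's HTTP Endpoint integration posting to an ingestion endpoint on the Wazuh side) still needs something in between to turn a notification into documents the Wazuh indexer will accept. The following is an added example of that bridge, not ThreatMapper's or Wazuh's own code. Everything about the incoming notification's shape (`node_name`, `vulnerabilities`, `cve_id`, `cvss_score`, ...) is an assumption made for this sketch; the real payload must be checked against what the integration actually sends. What it does show is the part that does not change: a constant-time check of a static token on the webhook, dropping records without a CVE id, normalising severity, a stable `_id` per asset/CVE/package so re-scans update rather than duplicate, and the newline-delimited `_bulk` body OpenSearch expects. CVE ids and host names in the sample are constructed placeholders.

```python
"""Bridge sketch: ThreatMapper HTTP-endpoint notification -> OpenSearch _bulk body.

Field names in SAMPLE_NOTIFICATION are assumptions for this example, not the
integration's real schema. Index name and token are placeholders.
"""
import base64
import hashlib
import hmac
import json
from urllib import request

# Severity vocabulary the bridge normalises to (chosen for this example so
# that detection rules on the Wazuh side can key on a fixed set of values).
SEVERITIES = {"critical", "high", "medium", "low", "unknown"}

# Constructed sample of what the HTTP Endpoint integration might POST.
SAMPLE_NOTIFICATION = {
    "scan_type": "vulnerability",
    "node_type": "host",
    "node_name": "web-01.example.internal",
    "vulnerabilities": [
        {"cve_id": "CVE-0000-0001", "severity": "critical", "package": "openssl",
         "version": "1.1.1k", "fixed_in": "1.1.1w", "cvss_score": 9.8},
        {"cve_id": "CVE-0000-0002", "severity": "LOW", "package": "zlib",
         "version": "1.2.11", "fixed_in": "", "cvss_score": "3.1"},
        # malformed record (no CVE id): must be dropped, never indexed
        {"cve_id": "", "severity": "high", "package": "bash"},
    ],
}


def authorized(headers, expected_token):
    """Constant-time check of a static bearer token on the incoming webhook.
    Assumes the integration can be configured to send such a header; if it
    cannot, put the bridge behind an authenticating reverse proxy instead."""
    presented = headers.get("Authorization", "")
    return hmac.compare_digest(presented, "Bearer " + expected_token)


def normalize_finding(notification, finding, observed_at):
    """Map one raw finding to a flat document. Returns None for records that
    lack the fields a correlation rule needs, so junk never reaches the index."""
    cve_id = (finding.get("cve_id") or "").strip()
    if not cve_id:
        return None
    severity = str(finding.get("severity", "unknown")).lower()
    if severity not in SEVERITIES:
        severity = "unknown"
    try:
        score = float(finding.get("cvss_score", 0.0))
    except (TypeError, ValueError):
        score = 0.0
    return {
        "@timestamp": observed_at,
        "source": "threatmapper",
        "scan_type": notification.get("scan_type", "vulnerability"),
        "node_type": notification.get("node_type", "unknown"),
        "node_name": notification.get("node_name", "unknown"),
        "cve_id": cve_id,
        "severity": severity,
        "cvss_score": score,
        "package": finding.get("package", ""),
        "version": finding.get("version", ""),
        "fixed_in": finding.get("fixed_in", ""),
    }


def doc_id(doc):
    """Stable id per (asset, CVE, package, version): a re-scan overwrites the
    same document instead of piling up duplicates in the indexer."""
    key = "|".join(str(doc[k]) for k in ("node_type", "node_name", "cve_id", "package", "version"))
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def to_bulk_ndjson(notification, index, observed_at):
    """Build an OpenSearch _bulk body: one action line plus one document line per
    valid finding, newline-delimited, with the trailing newline _bulk requires."""
    lines = []
    for raw in notification.get("vulnerabilities", []):
        doc = normalize_finding(notification, raw, observed_at)
        if doc is None:
            continue
        lines.append(json.dumps({"index": {"_index": index, "_id": doc_id(doc)}}))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n" if lines else ""


def parse_bulk(body):
    """Inverse of to_bulk_ndjson, handy for reviewing what would be sent:
    returns a list of (action, document) pairs."""
    lines = [ln for ln in body.split("\n") if ln]
    return [(json.loads(lines[i]), json.loads(lines[i + 1])) for i in range(0, len(lines), 2)]


def send_bulk(indexer_url, body, user, password):
    """POST the body to the indexer's _bulk endpoint with HTTP basic auth.
    Not executed in this example; shown so the full path is visible."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    req = request.Request(
        indexer_url.rstrip("/") + "/_bulk",
        data=body.encode("utf-8"),
        method="POST",
        headers={"Content-Type": "application/x-ndjson", "Authorization": "Basic " + token},
    )
    with request.urlopen(req, timeout=10) as resp:  # use an https:// URL with a trusted CA
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    print(to_bulk_ndjson(SAMPLE_NOTIFICATION, "threatmapper-vulns-placeholder", "2024-01-01T00:00:00Z"))
```

Wire `authorized` and `to_bulk_ndjson` into whatever small HTTP listener you expose to ThreatMapper, reject anything that fails the token check before parsing the body, and point `send_bulk` at the indexer over TLS with a write-only user scoped to the target index. Rules on the Wazuh side can then match on `severity`, `cve_id` and `node_name` without caring how the scanner formatted them.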