Open whatsinthisbox opened 6 months ago
@whatsinthisbox ThreatMapper today does not have direct integration with Wazuh, but I do think it can be done using HTTP Endpoint
integration if Wazuh has ingestion endpoint available. If that does not work for you, we can always have this issue open until we implement this.
Problem: Existing Wazuh SIEM users lack seamless integration with Threatmapper, hindering efficient correlation and analysis of vulnerability data.
Solution: Implement native integration between Threatmapper and Wazuh SIEM, allowing automatic ingestion of vulnerability information into Wazuh's indexing platform (e.g., OpenSearch).
Components/Services:
API/Backend
Proposed Workflow:
Additional Context: This integration streamlines vulnerability management, enhancing security posture by providing centralized visibility and facilitating prioritized remediation efforts.