Wazuh provider allows you to get alerts from Wazuh via custom integration.
/var/ossec/integrations/
and set correct permissionshttps://api.keephq.dev/alerts/event/wazuh
.
/var/ossec/etc/ossec.conf
set new integration block
level
you are interested in.
7. Restart the wazuh-manager