-
SSO failed after Upgrading Opensearch or Wazuh 4.9.0 : failed parsing SAML config Or 500 internal error
In the latest versions (Wazuh 4.9.0 & OpenSearch 2.10*), SSO has updated the exchange_key format requirements (see: exchange key settings), now mandating it to be 64 characters long. This guide outlines three methods to generate the exchange key. If one method doesn’t resolve the issue, proceed to the next. Apply the change to the /etc/wazuh-indexer/opensearch-security/config.yml…
-
Enrich Opensearch/Wazuh Alerting module notification using Painless Scripts (Mustache templates)
Use Case: Enrich slack notifications with Wazuh FIM & Vulnerability alerts details. Painless scripts (Mustache templates): Opensearch/Wazuh Monitor Queries: Alerting Module Configuration: The monitor must be configured using Extraction query editor. Then add & test the query: Define a simple trigger whenever the query return values higher than 0: Add your painless script, then send a…
-
Wazuh & Keycloak using SAML
Use case: Set up Keycloak for Authentication using SAML protocol in Wazuh. Keycloak configuration: Wazuh indexer configuration: Wazuh Dashboard configuration: As this might be solved in future versions you should perform the next step only if you are facing logout issue (https://forum.opensearch.org/t/saml-issue-on-logout/5617/14). DEMO: I hope you find it useful 🙂