Tag: Opensearch

  • SSO failed after Upgrading Opensearch or Wazuh 4.9.0 : failed parsing SAML config Or 500 internal error

    SSO failed after Upgrading Opensearch or Wazuh 4.9.0 :  failed parsing SAML config Or 500 internal error

    In the latest versions (Wazuh 4.9.0 & OpenSearch 2.10*), SSO has updated the exchange_key format requirements (see: exchange key settings), now mandating it to be 64 characters long. This guide outlines three methods to generate the exchange key. If one method doesn’t resolve the issue, proceed to the next. Apply the change to the /etc/wazuh-indexer/opensearch-security/config.yml…

  • Enrich Opensearch/Wazuh Alerting module notification using Painless Scripts (Mustache templates)

    Enrich Opensearch/Wazuh Alerting module notification using Painless Scripts (Mustache templates)

    Use Case: Enrich slack notifications with Wazuh FIM & Vulnerability alerts details. Painless scripts (Mustache templates): Opensearch/Wazuh Monitor Queries: Alerting Module Configuration: The monitor must be configured using Extraction query editor. Then add & test the query: Define a simple trigger whenever the query return values higher than 0: Add your painless script, then send a…

  • Wazuh & Keycloak using SAML

    Wazuh & Keycloak using SAML

    Use case: Set up Keycloak for Authentication using SAML protocol in Wazuh. Keycloak configuration: Wazuh indexer configuration: Wazuh Dashboard configuration: As this might be solved in future versions you should perform the next step only if you are facing logout issue (https://forum.opensearch.org/t/saml-issue-on-logout/5617/14). DEMO: I hope you find it useful 🙂