OpenCTI–Wazuh connector

opencti-wazuh-connector is an OpenCTI connector that lets you look up entities from your cyber threat intelligence database in your Wazuh SIEM. It is implemented as an enrichment connector: OpenCTI runs it automatically whenever a new entity is added to the database, and you can also trigger it manually on an existing entity.

[Figure: _images/ir_case_example1.png]

This connector has several use cases. Perhaps the most obvious one is to automatically search your whole SIEM database whenever a new indicator is imported into OpenCTI. It can also serve as a convenient search interface, creating a sighting in OpenCTI for every hit it finds in Wazuh.
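To make the lookup-and-sight workflow concrete, here is an added, self-contained sketch of the core idea; it is not the connector's own code and does not use its configuration. It assumes a hypothetical mapping from STIX observable types to Wazuh alert fields, builds the OpenSearch query body you would send to the Wazuh indexer's wazuh-alerts-* index, evaluates that query offline against a few constructed alert documents (so nothing is contacted), and summarises the hits as the count, first-seen and last-seen values a sighting would carry. Field names such as data.srcip and data.dns.query are assumptions that depend on your decoders.

```python
"""Illustrative sketch (not opencti-wazuh-connector code): map a CTI observable to a
read-only Wazuh alert query and turn the hits into sighting data."""
from dataclasses import dataclass, field
from typing import Optional

# ASSUMPTION: STIX observable type -> Wazuh alert fields worth searching.
# Actual field names depend on the decoders in your deployment.
FIELD_MAP = {
    "IPv4-Addr": ["data.srcip", "data.dstip", "agent.ip"],
    "Domain-Name": ["data.hostname", "data.dns.query"],
    "Url": ["data.url"],
}


def build_query(obs_type: str, value: str, size: int = 100) -> dict:
    """OpenSearch DSL body matching `value` exactly in any mapped field.

    This is a search only; the connector never writes to Wazuh.
    """
    fields = FIELD_MAP.get(obs_type)
    if not fields:
        raise ValueError(f"no Wazuh field mapping for observable type {obs_type!r}")
    return {
        "size": size,
        "query": {
            "bool": {
                "should": [{"term": {f: value}} for f in fields],
                "minimum_should_match": 1,
            }
        },
        "sort": [{"timestamp": {"order": "asc"}}],
    }


def _get_path(doc: dict, dotted: str):
    """Resolve a dotted field path ("data.dns.query") inside a nested alert document."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_alerts(query: dict, alerts: list) -> list:
    """Offline stand-in for running `query` against wazuh-alerts-*: exact-term OR match."""
    terms = [next(iter(c["term"].items())) for c in query["query"]["bool"]["should"]]
    hits = [a for a in alerts if any(_get_path(a, f) == v for f, v in terms)]
    hits.sort(key=lambda a: a["timestamp"])
    return hits[: query["size"]]


@dataclass
class Sighting:
    """The data an OpenCTI sighting would carry for one observable."""
    count: int
    first_seen: str
    last_seen: str
    agents: list = field(default_factory=list)
    rule_ids: list = field(default_factory=list)


def summarise(hits: list) -> Optional[Sighting]:
    """Collapse matching alerts into one sighting; None means 'no hits, nothing to create'."""
    if not hits:
        return None
    return Sighting(
        count=len(hits),
        first_seen=hits[0]["timestamp"],
        last_seen=hits[-1]["timestamp"],
        agents=sorted({h["agent"]["name"] for h in hits}),
        rule_ids=sorted({h["rule"]["id"] for h in hits}),
    )


def lookup(obs_type: str, value: str, alerts: list) -> Optional[Sighting]:
    """End-to-end: observable -> query -> hits -> sighting summary."""
    return summarise(match_alerts(build_query(obs_type, value), alerts))


# Constructed sample alerts in the general shape of Wazuh alert documents (not real data).
SAMPLE_ALERTS = [
    {"timestamp": "2024-05-01T10:00:00.000+0000",
     "rule": {"id": "5710", "description": "sshd: non-existent user"},
     "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
     "data": {"srcip": "203.0.113.7", "srcuser": "admin"}},
    {"timestamp": "2024-05-01T10:05:00.000+0000",
     "rule": {"id": "5712", "description": "sshd: brute force"},
     "agent": {"id": "001", "name": "web-01", "ip": "10.0.0.5"},
     "data": {"srcip": "203.0.113.7"}},
    {"timestamp": "2024-05-01T11:00:00.000+0000",
     "rule": {"id": "31101", "description": "web 400 error"},
     "agent": {"id": "002", "name": "proxy-01", "ip": "10.0.0.6"},
     "data": {"srcip": "198.51.100.9", "url": "/index.php"}},
    {"timestamp": "2024-05-01T12:00:00.000+0000",
     "rule": {"id": "87101", "description": "dns query"},
     "agent": {"id": "003", "name": "dns-01", "ip": "10.0.0.7"},
     "data": {"dns": {"query": "evil.example"}}},
]

if __name__ == "__main__":
    print(lookup("IPv4-Addr", "203.0.113.7", SAMPLE_ALERTS))
    print(lookup("Domain-Name", "evil.example", SAMPLE_ALERTS))
    print(lookup("IPv4-Addr", "192.0.2.1", SAMPLE_ALERTS))
```

The read-only nature of the query is the point of the warning further down: a lookup like this never changes Wazuh, but every hit becomes a sighting on the OpenCTI side, so a noisy indicator (a shared CDN address, an internal IP) can generate a large number of sightings in one run.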

See the quick start if you are in a real hurry to try it out; otherwise, please continue reading to get a better understanding of the connector, how to install it, how to configure it and how to use it.

Warning

opencti-wazuh-connector is in an early alpha stage. Although the connector does not make any changes to Wazuh (it only queries it), it may produce a lot of data in OpenCTI. Do not use the connector in production yet.

Introduction