Skip to main content

How to Push Wazuh Alerts to Your Discord Server

In this episode, we will cover how to push Wazuh alerts to your Discord server! This integration is extremely useful because most of us already use Discord. Why monitor a Wazuh dashboard when you can monitor your network directly through Discord?

Example of Discord Alerts

Here is an example of what we’ll create in this episode:

Example Discord alert screenshot

Create a Discord Webhook

  1. Open Discord.
  2. Go to the server you want to use for Wazuh alerts.
  3. Create a new text channel.
Creating Discord channel
  1. Right-click your server.
  2. Open server settings.
  3. Choose “Integrations.”
Opening Discord integrations page

Click “Create a Webhook.”

Creating webhook
  1. Click “New Webhook.”
  2. Name it something like “WazuhAlerts.”
  3. Choose the channel created earlier.
  4. Copy the webhook URL and save it; we’ll use it soon.
Webhook setup in Discord

Configure Wazuh Dashboard Integration

Login to your Wazuh dashboard and navigate to:

(Server Management / Settings)

Wazuh settings page

Click “Edit Configuration” in the top right corner.

Editing Wazuh configuration

Paste the code below after the <global></global> section:

 <integration>
     <name>custom-discord</name>
     <hook_url>https://discord.com/api/webhooks/XXXXXXXXXXX</hook_url>
     <alert_format>json</alert_format>
 </integration>

Then paste your Discords Webhook in the tags.

Wazuh integration config
  1. Click Save.
  2. Restart the Wazuh Manager.
Restarting Wazuh

SSH into your Wazuh Dashboard Machine

Next we need to SSH into your Wazuh Dashboard Machine/VM (etc.) to configure the following settings.

ssh username@ip_address
SSH into Wazuh machine

After logging in, run:

sudo su

Then move to the integrations directory:

cd /var/ossec/integrations

List existing files:

ls -l

Download the custom Discord integrations:

wget https://raw.githubusercontent.com/maikroservice/wazuh-integrations/main/discord/custom-discord
wget https://raw.githubusercontent.com/maikroservice/wazuh-integrations/main/discord/custom-discord.py
Downloading integration files

To verify downloads:

ls -l

If files appear white, they lack execution permissions. Apply the correct ones:

sudo chmod 750 /var/ossec/integrations/custom-*
sudo chown root:wazuh /var/ossec/integrations/custom-*

Check again:

ls -l
Fixed file permissions

Install pip dependencies (ignore the “running as root” warning):

# Debian / Ubuntu
sudo apt-get install python3-pip
pip3 install requests
Installing pip for Wazuh script

Restart Wazuh controls:

/var/ossec/bin/wazuh-control restart
Restarting Wazuh controls Integration restart verification

Verify Discord Alerts

Go to your Discord channel and verify that Wazuh restarted successfully with a confirmation alert.

Discord confirmation alert

Test the alert by attempting to SSH into one of your Wazuh-monitored machines with incorrect credentials. You should see a Discord notification within seconds.

Discord failed login alert

Conclusion

That is it! I hope you guys enjoyed, if you would like to learn more please see the links down below.

How to setup Discord Webhooks

Wazuh external integration configurations

Follow Us on Social Media

YouTube

Discord

Patreon

Reddit

Rumble