
Wazuh-Gmail Integration

This document provides a standard operating procedure (SOP) for configuring Wazuh to send alerts via Gmail. It outlines the purpose, scope, and detailed steps for installation and configuration, including setting up Postfix and enabling two-factor authentication for Gmail. The final steps include testing the email setup and configuring the Wazuh manager to ensure alerts are sent correctly.

Uploaded by mabdullah9352

Configure Wazuh to send Gmail alerts

SOC SOPS

ACE MONEY TRANSFER


ACE House, Street 1, Mujahid Colony Kharian, Gujrat, Pakistan
Piccadilly House, 49 Piccadilly, Manchester M1 2AP, United Kingdom
Document Details

Document Name: Configure Wazuh to send Gmail alerts
Document Type: SOP
Prepared by: Muhammad Abdullah
Approved by:
Date: 7th June, 2024

SOC-SOP 1
Table of Contents
1. Purpose, page 3
2. Scope, page 3
3. Introduction, page 3
4. Deployment Procedure, page 3

1. Purpose
To receive email alerts for serious events when the SOC team is away from the office.

2. Scope
Receiving emails for serious alerts adds an extra layer to an organization's incident response capability. It saves the SOC team from all-night monitoring, especially when an organization cannot afford three 8-hour shifts per day or is not willing to pay for separate shifts.

3. Introduction
Email integration in Wazuh provides a way to receive high-level alerts even when the SOC team is off work.

4. Deployment Procedure

1. First, install Postfix together with the SASL and TLS packages it needs to authenticate to Gmail:

o apt-get update && apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

2. When the installer asks for the mail server configuration type, choose "No configuration".

3. Create the file main.cf in /etc/postfix/: touch /etc/postfix/main.cf

4. Add the following settings to main.cf and save the file:

o relayhost = [smtp.gmail.com]:587
o smtp_sasl_auth_enable = yes
o smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
o smtp_sasl_security_options = noanonymous
o smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
o smtp_use_tls = yes
o smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

5. Now turn on 2FA for your Gmail account (mandatory).

6. After enabling 2FA, use this link to create a 16-letter app password (Google displays it as four groups, e.g. abcd efgh ijkl mnop).

7. Write the Gmail address for which you created the app password, followed by the app password with the spaces removed, into the SASL password map:

o echo '[smtp.gmail.com]:587 mabdullah9352@gmail.com:abcdefghijklmnop' > /etc/postfix/sasl_passwd

8. Now, as root, compile the map, restrict its permissions so that only root can read the app password, and restart Postfix with the following commands:

o postmap /etc/postfix/sasl_passwd
o chmod 400 /etc/postfix/sasl_passwd
o chown root:root /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
o chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
o systemctl restart postfix

9. Send a test email (you will receive it if the steps above were done correctly):

o echo "Test mail from postfix" | mail -s "Test Postfix" -r "mabdullah9352@gmail.com" mabdullah9352@gmail.com

10. Now configure ossec.conf: nano /var/ossec/etc/ossec.conf

o <global>
o <email_notification>yes</email_notification>
o <smtp_server>localhost</smtp_server>
o <email_from>mabdullah9352@gmail.com</email_from>
o <email_to>mabdullah9352@gmail.com</email_to>
o </global>

11. Restart Wazuh-manager: systemctl restart wazuh-manager


12. Done!
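As an added example that is not part of this SOP, the following POSIX shell helper performs steps 7 and 8 in a way that keeps the app password off the command line, where it would be recorded in the shell history and visible in the process list; the function names write_sasl_passwd and sasl_passwd_mode are assumed.

```shell
#!/bin/sh
# Added example (not from the SOP): write the Postfix SASL credential map with the
# app password read from stdin instead of being passed as an echo argument.
# Usage: printf '%s\n' 'abcd efgh ijkl mnop' | write_sasl_passwd /etc/postfix/sasl_passwd '[smtp.gmail.com]:587' user@gmail.com

write_sasl_passwd() {
    map="$1"; relay="$2"; user="$3"
    # Google shows the app password as four groups of four letters; the map must
    # hold the 16 characters with no spaces and no blank after the colon.
    read -r pw || return 1
    pw=$(printf '%s' "$pw" | tr -d ' ')
    if [ "${#pw}" -ne 16 ]; then
        echo "app password must be 16 characters after removing spaces" >&2
        return 1
    fi
    # Create the file under umask 077 so it is never readable by other users,
    # not even for the instant between creation and the chmod in step 8.
    ( umask 077; printf '%s %s:%s\n' "$relay" "$user" "$pw" > "$map" ) || return 1
    chmod 600 "$map"
    # Compile the hash map when Postfix is installed; the .db copy also gets 0600.
    if command -v postmap >/dev/null 2>&1; then
        postmap "$map" && chmod 600 "$map.db"
    fi
}

# Report the octal permission bits of the map so the result of step 8 can be checked.
sasl_passwd_mode() {
    stat -c '%a' "$1"
}
```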

