HTTP notification with changing Bearer token
Hi all,
i am trying to use the HTTP notification plugin to send the alerts to Wazuh.
On Wazuh i can request an Bearer Access token with an curl command which is valid for 300 sec.
Is it possible to configure the HTTP notification plugin in that way that the Token is requested with the notification plugin and directly used?
The curl command which is working on the console looks like this:
curl -k -X GET "https://<manager_address>:55000/agents" -H "Authorization: Bearer $(curl -u wazuh-wui:<PASSWORD> -k -X GET 'https://<manager_address>:55000/security/user/authenticate?raw=true')"
Thanks in advance3 Replies
Important Information
Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command
/resolve or press the green resolve button below.Log Files
If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.
Guide Followed (CrowdSec Official)
If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.
Screenshots
Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.
© Created By WhyAydan for CrowdSec ❤️
I cannot think of a way to do that only in crowdsec config 🙁
What you could do is to write a small HTTP proxy that receives the notification from crowdsec, and takes care of getting the token from wazu, then forward the request to wazuh
thanks for your answer and hint. I will give it a try with Krakend