Some custom integrations for Wazuh SIEM, built on the Active Response feature:
- CheckPoint External IOC feeds integration via Active Response allows you to add IPs from specific events to the CheckPoint External IOC feed for the Threat Prevention engine
- CrowdSec integration via Active Response allows you to check IPs from specific events via the CrowdSec API and return the results directly to the dashboard as a new event
- AlienVault integration via Active Response allows you to check IPs from specific events via the AlienVault API and return the results directly to the dashboard as a new event
- AbuseIPDB integration via Active Response allows you to check IPs from specific events via the AbuseIPDB API and return the results directly to the dashboard as a new event
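
The lookup integrations above share one flow: read the alert that Active Response passes to the script, pull out the IP, query the reputation service, and emit the result as a new event. The sketch below is an added example, not code from this repository. It assumes the IP sits in the alert's `data.srcip` field, uses a hypothetical `lookup` callable in place of the real API request, and leaves out how the resulting line is delivered to the manager.

```python
import ipaddress
import json


def extract_srcip(ar_message):
    """Return the alert's source IP if it is publicly routable, else None."""
    msg = json.loads(ar_message)
    alert = msg.get("parameters", {}).get("alert", {})
    raw = alert.get("data", {}).get("srcip")  # assumed location of the IP
    if not isinstance(raw, str):
        return None
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return None  # malformed address
    # Internal, loopback and reserved addresses are never sent to a third party.
    return str(ip) if ip.is_global else None


def build_event(ar_message, lookup, integration="abuseipdb"):
    """Build the follow-up event, or None when there is nothing to look up."""
    ip = extract_srcip(ar_message)
    if ip is None:
        return None
    alert = json.loads(ar_message)["parameters"]["alert"]
    return {
        "integration": integration,
        "srcip": ip,
        "source_rule": alert.get("rule", {}).get("id"),
        "reputation": lookup(ip),  # placeholder for the real API call
    }


def to_log_line(event):
    """Serialize the event as one JSON object per line."""
    return json.dumps(event, sort_keys=True)


def sample_message(ip):
    """Constructed active-response input; all values are illustrative."""
    return json.dumps({
        "version": 1,
        "origin": {"name": "node01", "module": "wazuh-execd"},
        "command": "add",
        "parameters": {
            "extra_args": [],
            "program": "active-response/bin/ip-check",  # hypothetical script
            "alert": {"rule": {"id": "100100"}, "data": {"srcip": ip}},
        },
    })


if __name__ == "__main__":
    fake_lookup = lambda ip: {"score": 90}  # constructed result, no network
    print(to_log_line(build_event(sample_message("8.8.8.8"), fake_lookup)))
```

Filtering on `is_global` before the lookup keeps internal addressing out of third-party API logs and avoids spending API quota on addresses that can have no public reputation.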