Ishan Sathe

Reputation: 21

Wazuh unable to send notifications to Slack WebHook URL

I am trying to test the Wazuh installation in my Virtual Lab setup. I require notifications from Wazuh when things go bad on my target machine (alerts are generated).

I attempted to receive these notifications via Slack but have been unsuccessful in doing so.

Even after configuring Slack in the Wazuh Manager config, as per the directions given here: https://documentation.wazuh.com/current/user-manual/manager/manual-integration.html#slack, it did not give me any notification (the documentation says that after restarting the server, I should be receiving some notification).

It is not a network issue as I have kept the Wazuh server on the bridged network mode for ease of access.

I configured the Slack incoming Web Hook application, added it to my channel and tested that separately. I am certain that this works (tested using the sample 'curl' code that they give us to check that it works). I have received the messages of 'Hello world' on my Slack channel, so we can be sure that the Slack Web Hook works.

I have also tried configuring the channel for communication from the Wazuh GUI Dashboard. However, over there, upon sending a test message to the Web Hook, the Wazuh GUI tells me that the sending of test message has failed.

Following is the detailed error:

[status_exception] {"event_status_list": [{"config_id":"6UMBuo8B8SZDmi29UMr4","config_type":"slack","config_name":"temp-qwsd","email_recipient_status":[],"delivery_status":{"status_code":"500","status_text":"Failed to send webhook message Connect to hooks.slack.com:443 [hooks.slack.com/65.2.117.88, hooks.slack.com/13.126.138.201, hooks.slack.com/13.127.99.68] failed: Connect timed out"}}]}

Please help me out.

Upvotes: 0

Views: 553

Answers (1)

Ishan Sathe

Reputation: 21

I tested the curl command for my Slack webhook on another VM which was inside the 'NAT Network' which I had configured (this was generated for the attacker and target/vulnerable machine). It acted as an internal network which is able to access the internet.

This VM was successful in sending a notification to my Slack Channel.

I then tested to see what would happen if I changed the settings to 'Bridged Adapter' as it was for the Wazuh Server VM. Sure enough, the curl command to the Slack webhook was no longer successful.

Hence, I can conclude that the problem is that VMs are unable to communicate with webhooks when configured to the 'Bridged Adapter' mode.

Now why that is the case and how that can be overcome is the continuation to the question :)

Upvotes: 0
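
Reading the dashboard error from the question by stage, as an added example that is not part of the original posts or of Wazuh's code: it parses the posted `status_exception` text and shows that name resolution returned three addresses while the TCP connect to port 443 timed out, which places the failure on the server VM's outbound path rather than on the webhook itself. The function names and stage labels are assumptions made for this illustration.

```python
import json
import re

# Error text exactly as posted in the question (dashboard test message).
POSTED_ERROR = (
    '[status_exception] {"event_status_list": [{"config_id":"6UMBuo8B8SZDmi29UMr4",'
    '"config_type":"slack","config_name":"temp-qwsd","email_recipient_status":[],'
    '"delivery_status":{"status_code":"500","status_text":"Failed to send webhook '
    'message Connect to hooks.slack.com:443 [hooks.slack.com/65.2.117.88, '
    'hooks.slack.com/13.126.138.201, hooks.slack.com/13.127.99.68] failed: '
    'Connect timed out"}}]}'
)

# Shape of the connect-failure text seen in the posted error (assumed stable).
CONNECT_RE = re.compile(
    r"Connect to (?P<host>[^:\s]+):(?P<port>\d+) \[(?P<addrs>[^\]]*)\] "
    r"failed: (?P<reason>.+)$"
)

def triage(delivery_status):
    """Classify one delivery_status dict by the stage at which sending failed."""
    m = CONNECT_RE.search(delivery_status.get("status_text", ""))
    if not m:
        return {"stage": "unclassified", "http_response_seen": None}
    addrs = [a.split("/", 1)[1] for a in m["addrs"].split(", ") if "/" in a]
    reason = m["reason"].lower()
    if "timed out" in reason:
        stage = "tcp_connect_timeout"   # no reply to the connection attempt
    elif "refused" in reason:
        stage = "tcp_connect_refused"   # the attempt was actively rejected
    else:
        stage = "tcp_connect_other"
    return {
        "stage": stage,
        "host": m["host"],
        "port": int(m["port"]),
        "dns_resolved": bool(addrs),    # addresses listed => name lookup worked
        "addresses": addrs,
        # The connection never opened, so status_code is not Slack's reply.
        "http_response_seen": False,
    }

def triage_all(error_text):
    """Parse a '[status_exception] {...}' string and triage every entry."""
    body = json.loads(error_text[error_text.index("{"):])
    return [
        {"config_name": e.get("config_name"), **triage(e["delivery_status"])}
        for e in body["event_status_list"]
    ]
```

Calling `triage_all(POSTED_ERROR)` returns one entry with stage `tcp_connect_timeout` and `dns_resolved` set to true, so the next checks belong to routing and egress filtering on the bridged interface, not to the webhook URL or the Slack app.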
