Wazuh Dashboard Plugins provide comprehensive monitoring capabilities for cloud platforms and services, allowing you to collect, analyze, and visualize security events from your cloud infrastructure.

Supported Cloud Platforms

The dashboard supports integration with major cloud providers and services:

Cloud Service Providers

DevOps Platforms

  • GitHub - Monitor audit logs from GitHub organizations
  • Docker - Track container lifecycle events and activities

Key Features

Cloud integrations in Wazuh Dashboard Plugins provide:
  • Real-time Event Collection - Security events collected directly via cloud provider APIs
  • Centralized Monitoring - Unified dashboard for monitoring multiple cloud platforms
  • Event Filtering - Advanced filtering capabilities using the integration name field (wazuh.integration.name)
  • Custom Visualizations - Pre-built dashboards for each cloud platform
  • Security Analytics - Analyze cloud security events for threats and compliance

Integration Architecture

Cloud integrations use a consistent data source architecture:

// Example: AWS integration
const AWS_GROUP_KEY = 'wazuh.integration.name';
const AWS_GROUP_VALUE = 'aws';

Each integration:
  1. Extends the EventsDataSource base class
  2. Implements rule group filtering for the specific cloud platform
  3. Applies fixed filters including cluster manager filters
  4. Collects events tagged with the integration name

Data Source Filtering

All cloud integrations implement filtering through:
  • Integration Name Filter - Events are tagged with wazuh.integration.name matching the platform (e.g., 'aws', 'gcp', 'o365')
  • Cluster Manager Filters - Multi-cluster deployment support
  • Rule Group Filters - Platform-specific rule group filtering
References:
  • AWS integration: plugins/main/public/components/common/data-source/pattern/events/aws/aws-data-source.ts:5
  • GCP integration: plugins/main/public/components/common/data-source/pattern/events/google-cloud/google-cloud-data-source.ts:6
  • Office 365 integration: plugins/main/public/components/common/data-source/pattern/events/office-365/office-365-data-source.ts:6
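
The fixed-filter pattern described above, as an added example that is not the plugin's own code: a base data source contributes a cluster manager filter, an integration subclass appends its wazuh.integration.name filter, and both are applied to constructed sample events. The class names, the lookup helper and the example.cluster.name field are hypothetical; only wazuh.integration.name and its values come from this page.

```typescript
// Added example: a hypothetical model of the fixed-filter pattern, not the plugin's code.
// Only 'wazuh.integration.name' and the values 'aws', 'gcp', 'o365' come from the page.
const INTEGRATION_KEY = 'wazuh.integration.name';
const CLUSTER_KEY = 'example.cluster.name'; // placeholder field name (assumption)
type WazuhEvent = Record<string, unknown>;
type FixedFilter = { key: string; value: string };

// Resolve a dotted path in a nested document, also accepting a flat dotted key.
function lookup(doc: WazuhEvent, path: string): unknown {
  if (path in doc) return doc[path];
  let node: unknown = doc;
  for (const part of path.split('.')) {
    if (node === null || typeof node !== 'object') return undefined;
    node = (node as WazuhEvent)[part];
  }
  return node;
}

// Stand-in for the base class: contributes the cluster manager filter.
class EventsDataSourceModel {
  cluster: string;
  constructor(cluster: string) { this.cluster = cluster; }
  getFixedFilters(): FixedFilter[] { return [{ key: CLUSTER_KEY, value: this.cluster }]; }
  // Render the fixed filters as an OpenSearch bool/filter query body.
  toQuery() {
    const filter = this.getFixedFilters().map(f => ({ match_phrase: { [f.key]: f.value } }));
    return { bool: { filter } };
  }
  // Apply the same filters locally; an event missing a field never matches.
  select(events: WazuhEvent[]): WazuhEvent[] {
    const filters = this.getFixedFilters();
    return events.filter(e => filters.every(f => lookup(e, f.key) === f.value));
  }
}

// Integration data source: appends its integration name to the inherited filters.
class IntegrationDataSourceModel extends EventsDataSourceModel {
  integration: string;
  constructor(cluster: string, integration: string) { super(cluster); this.integration = integration; }
  getFixedFilters(): FixedFilter[] {
    return [...super.getFixedFilters(), { key: INTEGRATION_KEY, value: this.integration }];
  }
}

// Constructed sample events (not real telemetry).
const sampleEvents: WazuhEvent[] = [
  { id: 'e1', wazuh: { integration: { name: 'aws' } }, example: { cluster: { name: 'prod' } } },
  { id: 'e2', wazuh: { integration: { name: 'gcp' } }, example: { cluster: { name: 'prod' } } },
  { id: 'e3', 'wazuh.integration.name': 'aws', 'example.cluster.name': 'lab' },
  { id: 'e4', example: { cluster: { name: 'prod' } } }, // untagged event
];
```

In this model the untagged event e4 is selected by no integration view, so an event that arrives without wazuh.integration.name would be absent from every cloud dashboard rather than flagged.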

Getting Started

  1. Choose the cloud platform you want to monitor
  2. Follow the setup instructions for that specific integration
  3. Configure API credentials and permissions
  4. Start collecting and analyzing security events
  5. Use pre-built dashboards or create custom visualizations

Common Use Cases

  • Cloud Security Monitoring - Track security events across cloud infrastructure
  • Compliance Auditing - Monitor access and changes for compliance requirements
  • Threat Detection - Identify suspicious activities and potential security threats
  • Container Security - Monitor Docker container activities and lifecycle events
  • DevOps Security - Track code repository access and changes in GitHub
  • Identity Monitoring - Monitor authentication and authorization events

Next Steps

Explore the integration guides for specific cloud platforms: