Cloud Integrations Overview - Wazuh Dashboard Plugins

Wazuh Dashboard Plugins provide comprehensive monitoring capabilities for cloud platforms and services, allowing you to collect, analyze, and visualize security events from your cloud infrastructure.

Supported Cloud Platforms

The dashboard supports integration with major cloud providers and services:

Cloud Service Providers

Amazon Web Services (AWS) - Monitor AWS services including CloudTrail, S3, VPC Flow Logs, and more
Google Cloud Platform (GCP) - Collect security events from GCP services via GCP API
Office 365 - Track security events from Microsoft Office 365 services
Microsoft Graph API - Integrate with Microsoft Graph services for enhanced security monitoring

DevOps Platforms

GitHub - Monitor audit logs from GitHub organizations
Docker - Track container lifecycle events and activities

Key Features

Cloud integrations in Wazuh Dashboard Plugins provide:

Real-time Event Collection - Security events collected directly via cloud provider APIs
Centralized Monitoring - Unified dashboard for monitoring multiple cloud platforms
Event Filtering - Advanced filtering capabilities using the integration name field (wazuh.integration.name)
Custom Visualizations - Pre-built dashboards for each cloud platform
Security Analytics - Analyze cloud security events for threats and compliance

Integration Architecture

Cloud integrations use a consistent data source architecture:

// Example: AWS integration
const AWS_GROUP_KEY = 'wazuh.integration.name';
const AWS_GROUP_VALUE = 'aws';

Each integration:

Extends the EventsDataSource base class
Implements rule group filtering for the specific cloud platform
Applies fixed filters including cluster manager filters
Collects events tagged with the integration name

Data Source Filtering

All cloud integrations implement filtering through:

Integration Name Filter - Events are tagged with wazuh.integration.name matching the platform (e.g., ‘aws’, ‘gcp’, ‘o365’)
Cluster Manager Filters - Multi-cluster deployment support
Rule Group Filters - Platform-specific rule group filtering

References:

AWS integration: plugins/main/public/components/common/data-source/pattern/events/aws/aws-data-source.ts:5
GCP integration: plugins/main/public/components/common/data-source/pattern/events/google-cloud/google-cloud-data-source.ts:6
Office 365 integration: plugins/main/public/components/common/data-source/pattern/events/office-365/office-365-data-source.ts:6

Getting Started

Choose the cloud platform you want to monitor
Follow the setup instructions for that specific integration
Configure API credentials and permissions
Start collecting and analyzing security events
Use pre-built dashboards or create custom visualizations

Common Use Cases

Cloud Security Monitoring - Track security events across cloud infrastructure
Compliance Auditing - Monitor access and changes for compliance requirements
Threat Detection - Identify suspicious activities and potential security threats
Container Security - Monitor Docker container activities and lifecycle events
DevOps Security - Track code repository access and changes in GitHub
Identity Monitoring - Monitor authentication and authorization events

Next Steps

Explore the integration guides for specific cloud platforms:

Documentation Index

​Supported Cloud Platforms

​Cloud Service Providers

​DevOps Platforms

​Key Features

​Integration Architecture

​Data Source Filtering

​Getting Started

​Common Use Cases

​Next Steps