I chose Wazuh as a network monitoring and alerting tool because it is open-source and easily configurable.

Here I will outline additional steps I have performed to enhance Wazuh’s basic functionality.

Integrating Wazuh with Slack

I have integrated Slack as the notification method for Wazuh security alerts. Here is a brief breakdown of how this is achieved (see https://documentation.wazuh.com/current/user-manual/manager/integration-with-external-apis.html).

1. Create a Slack Incoming Webhook

  • In your Slack workspace, enable incoming webhooks and create one for your desired channel.


2. Configure Wazuh Integration

  • On the Wazuh manager, edit the configuration file:
    sudo nano /var/ossec/etc/ossec.conf
    
  • Add the following integration block inside the existing <ossec_config> section (Wazuh also accepts it as an additional top-level <ossec_config> section). Replace the whole placeholder <SLACK_WEBHOOK_URL>, angle brackets included, with your actual Slack webhook URL; if the placeholder is left in, the file is no longer well-formed XML and the manager will refuse to start:
    <ossec_config>
      <integration>
        <name>slack</name>
        <!-- the incoming webhook URL created in step 1 -->
        <hook_url><SLACK_WEBHOOK_URL></hook_url>
        <!-- the Slack integration requires JSON-formatted alerts -->
        <alert_format>json</alert_format>
        <!-- only alerts of this rule level or higher are forwarded -->
        <level>5</level>
      </integration>
    </ossec_config>

3. Restart Wazuh Manager

Apply the changes by restarting the Wazuh manager:

sudo systemctl restart wazuh-manager

After completing these steps, Wazuh will send every alert of level 5 or higher directly to your specified Slack channel.
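As an added check before restarting the manager (example code written for this post, not Wazuh's own tooling), the following Python script parses an ossec.conf and flags the mistakes that most often break this step: an unreplaced placeholder, a hook_url that is not a Slack incoming webhook, a missing alert_format of json, or an out-of-range level. It assumes the file has been read into a string; both sample configurations below are constructed, and the webhook URL in them is fake.

```python
import xml.etree.ElementTree as ET

SLACK_WEBHOOK_PREFIX = "https://hooks.slack.com/services/"


def check_slack_integration(ossec_conf_xml):
    """Return a list of problems with the Slack <integration> block; [] means it looks right."""
    # A real ossec.conf usually has several top-level <ossec_config> sections, which is not
    # a single XML document, so wrap the text in one root element before parsing.
    try:
        root = ET.fromstring("<root>" + ossec_conf_xml + "</root>")
    except ET.ParseError as exc:
        return ["ossec.conf is not well-formed XML: %s" % exc]
    blocks = [b for b in root.iter("integration")
              if (b.findtext("name") or "").strip() == "slack"]
    if not blocks:
        return ["no <integration> block with <name>slack</name> found"]
    problems = []
    for block in blocks:
        url = (block.findtext("hook_url") or "").strip()
        if not url.startswith(SLACK_WEBHOOK_PREFIX):
            problems.append("hook_url is not a Slack incoming-webhook URL: %r" % url)
        fmt = (block.findtext("alert_format") or "").strip()
        if fmt != "json":
            problems.append("alert_format must be 'json' for the slack integration, got %r" % fmt)
        level = (block.findtext("level") or "").strip()
        if not (level.isdigit() and 0 <= int(level) <= 15):
            problems.append("level must be a rule level between 0 and 15, got %r" % level)
    return problems


# Constructed sample: the block from this post with the placeholder filled in (fake webhook).
SAMPLE_OK = """<ossec_config>
  <integration>
    <name>slack</name>
    <hook_url>https://hooks.slack.com/services/T000/B000/EXAMPLE</hook_url>
    <alert_format>json</alert_format>
    <level>5</level>
  </integration>
</ossec_config>"""

# Constructed sample: the placeholder left in place, which breaks the XML itself.
SAMPLE_PLACEHOLDER = SAMPLE_OK.replace(
    "https://hooks.slack.com/services/T000/B000/EXAMPLE", "<SLACK_WEBHOOK_URL>")

if __name__ == "__main__":
    for name, conf in (("filled in", SAMPLE_OK), ("placeholder", SAMPLE_PLACEHOLDER)):
        print(name, "->", check_slack_integration(conf) or "OK")
```

To check a live manager, read /var/ossec/etc/ossec.conf into a string and pass it to check_slack_integration.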