We have just started testing out Wazuh in our lab, and wanted to get that data Splunk'd.
It looks like the Wazuh App has a configuration entry for the Wazuh manager's API credentials. But the guide also states that a Forwarder be installed on the Wazuh manager:
That seems redundant. Before I tear apart the bits to see how it works, can somebody clear this up for me?
It's needed to set up data forwarding and also a connection with the Wazuh API in order to the app can work properly. This is because the app currently works with two data sources. From the app, you can:
I hope that helps, you can join to the mailing list: https://groups.google.com/forum/#!forum/wazuh
or join to our community Slack channel: https://wazuh.com/community/join-us-on-slack/
Also, you can open an issue in our app repository: https://github.com/wazuh/wazuh-splunk.
Please read my question again. I think you may have answered someone else's question by accident, as it has nothing to do with my post. Thanks!