Wazuh 4.14 Development and API Reference

Wazuh 4.14 offers a comprehensive developer toolkit: a REST API for programmatic platform management, a custom integration mechanism through integratord, Active Response scripts for automated remediation, and wodle modules for extending agent functionality. This section covers all aspects of Wazuh platform development.

Section Contents

REST API Reference

A complete reference for Wazuh 4.14 API endpoints, grouped by category: agent management, server, cluster, rules, decoders, SCA, vulnerabilities, and system inventory. Includes authentication, pagination, filtering, and error handling examples, along with Python SDK usage.

Custom Integration Development

A guide to building custom integrations: the integratord JSON input format, Active Response scripts in Bash and Python, custom wodle modules, webhook receivers, and alert processing examples. Includes ready-to-use templates for common scenarios.

Developer Tools

Wazuh provides several tools for development and debugging:

| Tool | Purpose | Location |
|------|---------|----------|
| wazuh-logtest | Test decoders and rules | /var/ossec/bin/wazuh-logtest |
| wazuh-control | Manage Wazuh services | /var/ossec/bin/wazuh-control |
| REST API | Programmatic platform access | https://<manager>:55000 |
| Python SDK | Client library for the API | pip install wazuh-api |
| Integration scripts | Integration handlers | /var/ossec/integrations/ |
| Active Response scripts | Response handlers | /var/ossec/active-response/bin/ |

Extension Architecture

                    ┌─────────────────────┐
                    │   Wazuh Manager     │
                    │                     │
┌──────────┐       │  ┌───────────────┐  │       ┌──────────────┐
│ REST API │◀─────▶│  │  Engine       │  │──────▶│ integratord  │──▶ External
│ Client   │       │  │  (Rules/      │  │       │ (Push alerts)│    Systems
└──────────┘       │  │   Decoders)   │  │       └──────────────┘
                    │  └───────┬───────┘  │
                    │          │          │       ┌──────────────┐
                    │          ▼          │──────▶│ Active       │──▶ Agent
                    │  ┌───────────────┐  │       │ Response     │    Actions
                    │  │  Alert Queue  │  │       └──────────────┘
                    │  └───────────────┘  │
                    └─────────────────────┘

To get started with the API, refer to the REST API Reference. For building custom modules and scripts, see the Custom Integration Development section.

For built-in integrations with external platforms, see the Integrations section.
