Wazuh integration
Centraleyezer connects to the Wazuh manager’s REST API and imports two feeds: the vulnerability detector’s per-agent CVE findings, and SCA (Security Configuration Assessment) policy check failures. Wazuh agents are matched to project assets by IP address, so only hosts you track become findings.
Scan types imported
- Agent-detected package vulnerabilities (CVE)
- SCA policy checks (failed controls)
API connection
Two source types share the same connection: Wazuh Vulnerabilities and Wazuh SCA. Enter the manager API address and an API user; on every run Centraleyezer lists the agents, keeps those whose IP matches a project asset, and pulls their results.
Configuration
Where to get the credentials
Create an API user on the Wazuh manager (or use the built-in one you provisioned at install time). The user needs read access to agents, vulnerability and SCA endpoints.
What gets imported on every run
- Vulnerabilities feed: per-agent CVE detections with title, severity (Low → Critical), CVSSv3 score, affected package and version, and external references.
- SCA feed: failed policy checks with title, rationale, remediation and severity — checks that pass are skipped.
- Agents are matched to assets by IP; assets found on the manager but not yet in the project are linked automatically.
How imported findings are risk-scored
Every Wazuh finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.