All integrations
InfrastructureSIEMCompliance

Wazuh integration

Centraleyezer connects to the Wazuh manager’s REST API and imports two feeds: the vulnerability detector’s per-agent CVE findings, and SCA (Security Configuration Assessment) policy check failures. Wazuh agents are matched to project assets by IP address, so only hosts you track become findings.

Scan types imported

  • Agent-detected package vulnerabilities (CVE)
  • SCA policy checks (failed controls)

API connection

Two source types share the same connection: Wazuh Vulnerabilities and Wazuh SCA. Enter the manager API address and an API user; on every run Centraleyezer lists the agents, keeps those whose IP matches a project asset, and pulls their results.

Configuration

Hostname
Wazuh manager API address in hostname:port form (the Wazuh API default port is 55000).
Username / Password
A Wazuh API user (JWT authentication against the manager API).
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials.

Where to get the credentials

Create an API user on the Wazuh manager (or use the built-in one you provisioned at install time). The user needs read access to agents, vulnerability and SCA endpoints.

What gets imported on every run

  • Vulnerabilities feed: per-agent CVE detections with title, severity (Low → Critical), CVSSv3 score, affected package and version, and external references.
  • SCA feed: failed policy checks with title, rationale, remediation and severity — checks that pass are skipped.
  • Agents are matched to assets by IP; assets found on the manager but not yet in the project are linked automatically.

How imported findings are risk-scored

Every Wazuh finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Wazuh integration live

Book a demo and we’ll connect your Wazuh data and walk through risk-based prioritisation on your own findings.

Wazuh Integration — Setup & Imported Scan Types