Security

 View Only
Back to discussions
Expand all | Collapse all

[Tutorial] Wazuh & Clearpass High Level Integration

This thread has been viewed 28 times

  • 1.  [Tutorial] Wazuh & Clearpass High Level Integration

    Posted Aug 10, 2025 12:52 PM
      |   view attached

    Hi Airheads,

    I've attached a concise PDF documenting a sample integration of HPE Aruba ClearPass logs with Wazuh. The scope focuses on configuring Syslog message forwarding, decoding a sample RADIUS accounting record, and segregating events using custom Wazuh regex decoders to extract key fields useful for accounting, triage, and related operational needs.

    I'd welcome any recommendations you think would add value, as well as questions or discussion points. Please feel free to reply here so we can continue the conversation.

    Keep in mind that the decoders should work for other RADIUS, TACACS, WEBAUTH or INSIGHT logs.

    Cheers,
    Vigan



    -------------------------------------------

    Attachment(s)

    pdf
    HPE_Aruba_ClearPass__Wazuh_Log_ingestion.pdf   589 KB 1 version


  • 2.  RE: [Tutorial] Wazuh & Clearpass High Level Integration

    Posted Aug 10, 2025 06:52 PM

    thanks for sharing



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



Related Content