Run command

Action ID: tools.wazuh.active_response

Run an Active Response command on Wazuh agents.

Reference: https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.active_response_controller.run_command

Secrets

Required secrets:
  • wazuh_wui: required values WAZUH_WUI_USERNAME, WAZUH_WUI_PASSWORD.

Input fields

agents_list
string | null
required
Comma-separated list of agent IDs. If not specified, all agents are selected by default.
command
string
required
Command to run on the agent. If this value starts with !, it refers to a script name instead of a command name.
auth_token_exp_timeout
integer
Change the token base duration. Default: 900.
base_url
string | null
URL for the Wazuh WUI API. Default: null.
verify_ssl
boolean
If False, disables SSL verification for internal networks. Default: true.
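
A pre-flight check for the Run command inputs listed above, as an added example (not code from this integration or from Wazuh). The function name preflight, the allow_all opt-in, the agent ID and command-name patterns, and the private-IP rule for verify_ssl are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Assumptions for this example: agent IDs are zero-padded numbers such as 001,
# and command or script names use only letters, digits, dot, underscore, hyphen.
AGENT_ID = re.compile(r"\d{3,}")
NAME = re.compile(r"[A-Za-z0-9._-]+")


def preflight(agents_list, command, base_url=None, verify_ssl=True, allow_all=False):
    """Validate Run command inputs; return a normalized dict or raise ValueError."""
    # agents_list: null or empty selects every agent, so require an explicit opt-in.
    if agents_list is None or not agents_list.strip():
        if not allow_all:
            raise ValueError("agents_list is empty: this would target all agents")
        agents = None
    else:
        agents = [a.strip() for a in agents_list.split(",")]
        bad = [a for a in agents if not AGENT_ID.fullmatch(a)]
        if bad:
            raise ValueError(f"invalid agent IDs: {bad}")
        agents = sorted(set(agents))

    # command: a leading "!" refers to a script name instead of a command name.
    is_script = command.startswith("!")
    name = command[1:] if is_script else command
    if not NAME.fullmatch(name):
        raise ValueError(f"unexpected characters in command: {command!r}")

    # verify_ssl=False is documented for internal networks; this example accepts
    # it only when base_url points at a private IP address (hostnames are not resolved).
    if not verify_ssl:
        host = urlparse(base_url).hostname if base_url else None
        try:
            internal = ipaddress.ip_address(host or "").is_private
        except ValueError:
            internal = False
        if not internal:
            raise ValueError("verify_ssl=False accepted only for private IP addresses")

    return {"agents": agents, "is_script": is_script, "name": name,
            "verify_ssl": verify_ssl}
```
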

Update agents

Action ID: tools.wazuh.update_agents

Identifies outdated Wazuh agents and updates them.

Reference: https://documentation.wazuh.com/current/user-manual/api/reference.html#operation/api.controllers.agent_controller.put_upgrade_agents

Secrets

Required secrets:
  • wazuh_wui: required values WAZUH_WUI_USERNAME, WAZUH_WUI_PASSWORD.

Input fields

auth_token_exp_timeout
integer
Change the token base duration. Default: 900.
base_url
string | null
URL for the Wazuh WUI API. Default: null.
verify_ssl
boolean
If False, disables SSL verification for internal networks. Default: true.