# wazunean

A command-line tool (`wzcli`) for querying Wazuh security data using natural language through Google's Gemini AI. Because the answers are produced by Gemini, the query and the Wazuh alert data needed to answer it are sent to Google's API; check your organisation's data-handling rules before pointing the tool at production alerts.

## Features
- 🤖 Natural language queries for Wazuh security data
- 🧠 AI-powered security insights and threat analysis
- ⏱️ Customizable time ranges for security event analysis
- 🎨 Rich console output with alert indicators
- 📊 Automatic event correlation and analysis
- 📱 Slack integration for security alerts
## Requirements

- Python 3.8 or higher
- Access to a Wazuh server (the Wazuh API listens on port 55000 by default) and an API user for the tool
- Google API key for Gemini
- Slack webhook URL (optional, for alert notifications)
## Installation

```bash
# Clone the repository
git clone https://github.com/talnetd/wazunean.git
cd wazunean

# Create and activate a virtual environment (recommended)
python -m venv venv
source venv/bin/activate

# Install the package
pip install -e .
```

## Configuration

Create a `.env` file in your home directory or project directory:
```dotenv
WAZUH_URL=https://localhost:55000
WAZUH_USER=your_username
WAZUH_PASSWORD=your_password
GOOGLE_API_KEY=your_gemini_api_key
SLACK_WEBHOOK=https://hooks.slack.com/services/YOUR/WEBHOOK/URL  # Optional
```

This file holds three secrets: the Wazuh API password, the Gemini API key and the Slack webhook URL (the URL itself is the credential for posting to the channel). Keep it out of version control (add `.env` to `.gitignore`), restrict it to your own user (`chmod 600 .env`), and create a dedicated read-only Wazuh API user for the tool instead of reusing the administrator account. Keep `https://` in `WAZUH_URL`; the Wazuh API is served over TLS, and a plain-http URL would send the password in clear.

## Usage
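A pre-flight check for that `.env`, written for this README as an added example (it is not part of wazunean): it parses the file, rejects values left over from the template above and a plain-http Wazuh URL, checks that the file is private to its owner, and masks the secrets so a debug dump of the configuration cannot leak them. The function names, constant names and the constructed sample values are this example's own, not wzcli's.

```python
"""Pre-flight check for a wazunean-style .env file.

Added example, not part of the wazunean project. Parses the five variables
the README lists, refuses values copied verbatim from the template, checks
the file mode, and redacts secrets for --debug style output. All names here
are this example's own.
"""
import re
import stat
from pathlib import Path
from typing import Dict, List
from urllib.parse import urlparse

REQUIRED = ("WAZUH_URL", "WAZUH_USER", "WAZUH_PASSWORD", "GOOGLE_API_KEY")
OPTIONAL = ("SLACK_WEBHOOK",)
SECRET_KEYS = ("WAZUH_PASSWORD", "GOOGLE_API_KEY", "SLACK_WEBHOOK")
# Template values from the README; any of them still present means the
# file was never filled in.
PLACEHOLDERS = ("your_username", "your_password", "your_gemini_api_key",
                "YOUR/WEBHOOK/URL")


def parse_dotenv(text: str) -> Dict[str, str]:
    """Parse KEY=VALUE lines. Blank lines and '#' comments are skipped; a
    quoted value is taken as-is up to the closing quote, an unquoted value
    loses any trailing ' # comment' (the README template uses one)."""
    env: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if value[:1] in ("'", '"'):
            quote = value[0]
            end = value.find(quote, 1)
            value = value[1:end] if end > 0 else value[1:]
        else:
            value = re.split(r"\s+#", value, maxsplit=1)[0].strip()
        env[key.strip()] = value
    return env


def validate(env: Dict[str, str]) -> List[str]:
    """Return the list of problems found; an empty list means usable."""
    problems: List[str] = []
    for key in REQUIRED:
        if not env.get(key):
            problems.append(f"{key} is missing")
    for key in REQUIRED + OPTIONAL:
        value = env.get(key, "")
        if any(p in value for p in PLACEHOLDERS):
            problems.append(f"{key} still holds the README placeholder")
    url = env.get("WAZUH_URL", "")
    # The Wazuh API is served over TLS; over plain http the password and
    # the API token would cross the network in clear.
    if url and urlparse(url).scheme != "https":
        problems.append("WAZUH_URL must use https")
    hook = env.get("SLACK_WEBHOOK", "")
    if hook and not hook.startswith("https://hooks.slack.com/services/"):
        problems.append("SLACK_WEBHOOK is not a Slack incoming-webhook URL")
    return problems


def mode_is_private(mode: int) -> bool:
    """True when the permission bits grant nothing to group or others."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def file_is_private(path: Path) -> bool:
    """True when the .env on disk is accessible only by its owner (0600)."""
    return mode_is_private(stat.S_IMODE(path.stat().st_mode))


def redact(env: Dict[str, str]) -> Dict[str, str]:
    """Copy of env that is safe to print: secret values are replaced."""
    return {k: ("***" if k in SECRET_KEYS and v else v) for k, v in env.items()}


if __name__ == "__main__":
    # Constructed sample: the README template with one placeholder left in
    # and the Wazuh URL downgraded to http, so both checks fire.
    sample = (
        "WAZUH_URL=http://localhost:55000\n"
        "WAZUH_USER=wzcli-readonly\n"
        'WAZUH_PASSWORD="correct horse battery"\n'
        "GOOGLE_API_KEY=your_gemini_api_key\n"
        "SLACK_WEBHOOK=https://hooks.slack.com/services/T000/B000/xyz  # Optional\n"
    )
    env = parse_dotenv(sample)
    print(redact(env))
    for problem in validate(env):
        print("config error:", problem)
```

Run it against a real file with `parse_dotenv(Path("~/.env").expanduser().read_text())` and `file_is_private(...)`; anything `validate()` returns should stop the wrapper before it talks to the Wazuh API or Gemini, and only `redact()` output belongs in debug logs.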
```bash
# Basic query
wzcli "Show recent security alerts"

# Query with a specific time range
wzcli "Show authentication failures" --timeframe 24h

# Show raw security events
wzcli "Show malware detections" --raw

# Enable debug output
wzcli "Check file integrity monitoring" --debug

# Send security report to Slack
wzcli "Show security overview" --slack
```

## License

MIT License
## Author

Tin Aung Lin (tinaunglinn.eng91@gmail.com)