The Wazuh Action enables organizations to export ThreatQ indicators to Wazuh by transforming a configured ThreatQ export into type-specific CDB lists. The action parses indicator values by IoC type and submits them to Wazuh as CDB lists, either creating new lists or overwriting existing lists with the same name to ensure updated intelligence is consistently applied.

The integration provides the following action:

• Wazuh Submit CDB Lists - exports ThreatQ indicator values to Wazuh as type-specific CDB lists for use in detection and alerting workflows.

The integration is compatible with the following indicator types:

• FQDN
• IP Address
• IPv6 Address
• MD5
• SHA-1
• SHA-256
• URL

Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.