I apologize if this is the wrong list to ask this question. I'm working on creating a Wazuh cluster. Can I install Bro on that cluster, or do I need to create a separate server cluster and ship the logs to the Wazuh cluster?
My apologies if this is a remedial question.
I suppose it is possible to store the Zeek logs in the same cluster as Wazuh.
My suggestion is to install Zeek and ship the Zeek logs with Filebeat to the cluster, then try to see from Kibana if the Zeek logs are being transferred to Elasticsearch.
Note: I have not tried this out myself, but my logical assumption is as above for your query.
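A concrete shape for the Filebeat step suggested in the reply above, as an added example that was not posted in the thread and is not Wazuh's or Zeek's own configuration. It uses Filebeat's built-in `zeek` module, which expects Zeek to write JSON logs; the hostnames, paths and credentials are placeholders (assumptions), and the Wazuh-side Filebeat is assumed to already be pointed at the same Elasticsearch cluster.

```yaml
# Added example (not from the thread): ship Zeek JSON logs into the
# Elasticsearch cluster that backs Wazuh using Filebeat's zeek module.
# Hostnames, paths and credentials below are assumptions, not real values.

# Step 1, on the Zeek sensor: the Filebeat zeek module parses JSON, so
# add this line to Zeek's local.zeek and redeploy (zeekctl deploy):
#   @load policy/tuning/json-logs

# Step 2, Filebeat: run `filebeat modules enable zeek`, then set the
# filesets and log paths in modules.d/zeek.yml.
- module: zeek
  connection:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/conn.log"]   # assumed install prefix
  dns:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/dns.log"]
  http:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/http.log"]
  ssl:
    enabled: true
    var.paths: ["/opt/zeek/logs/current/ssl.log"]
---
# Step 3, filebeat.yml output section: the same cluster Wazuh writes to.
output.elasticsearch:
  hosts: ["https://elasticsearch.example.internal:9200"]   # assumption
  username: "filebeat_writer"                                # assumption
  password: "${ES_PASSWORD}"                                 # keep in the Filebeat keystore, not the file
  ssl.certificate_authorities: ["/etc/filebeat/certs/root-ca.pem"]  # assumption
```

To do the check the reply describes, open Discover in Kibana on the `filebeat-*` index pattern and filter on `event.module: zeek`; the module tags each fileset as `event.dataset: zeek.connection`, `zeek.dns` and so on, so an empty result for that filter means the logs are not reaching Elasticsearch, while a result with those datasets confirms the pipeline end to end. Use a dedicated write-only Elasticsearch user for Filebeat rather than the cluster admin account.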
If you’re looking to deploy Wazuh and Zeek, you could use Security Onion and get them both!
Hope that helps!