first 4 steps

website/integrations/services/wazuh/index.md

@@ -0,0 +1,97 @@
+---
+title: wazuh. 
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is wazuh
+
+> wazuh is an open source Security Information and Event Management System that also has (extended) Endpoint Detection & Response (XDR) capabilities, as well as components of a Network Intrusion & Detection System (NIDS). 
+>
+> -- https://wazuh.com
+
+:::note
+We assume that you already have wazuh and authentik installed/setup and now want to integrate authentik as your IDP solution to have SSO within wazuh.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `wazuh.company` is the FQDN of the wazuh server instance.
+-   `authentik.company` is the FQDN of the authentik install.
+
+While wazuh allows both LDAP and SAML integration, in this post we will only walk through the SAML integration. 
+
+### Step 1
+
+The first step would be to add a certificate for wazuh.
+
+You can generate a new one under `System` -> `Certificates` -> `Generate`
+
+
+Add a name, set the validity period to 365 days and click `Generate`
+![](./certificate.png)
+
+If all goes well authentik will display a message like the one below
+![](./certificate1.png)
+
+### Step 2
+
+Now add a SAML provider - you can find the options under `Applications` -> `Providers`
+
+![](./provider.png)
+
+Select SAML Provider and click Next
+![](./provider1.png)
+
+Add a descriptive name, select the appropriate Authentication/Authorization flow, adjust the ACS URL to contain the IP/hostname of your wazuh installation and add `/_opendistro/_security/saml/acs` to the end.
+
+`https://<WAZUH_IP_OR_HOSTNAME>/_opendistro/_security/saml/acs`
+
+also make sure to give it an appropriate `EntityID` name (`issuer`), you will need that later and a valid option is e.g. `wazuh-saml` 
+
+Select `Post` as the `Service Provider Binding` and move on to the advanced protocol settings.
+![](./provider2.png)
+
+The last step is to select the previously created `Signing Certificate` from the dropdown list and leave the rest of the configurations as default for now. 
+![](./provider3.png)
+![](./provider4.png)
+![](./provider5.png)
+
+### Step 3
+
+Time to create a Property Mapping - this is a custom function that takes group/user data from authentik and provides it to wazuh in a structured way. 
+
+We will map a group membership - `wazuh-admins` - as a backend role for RBAC in wazuh using Property Mapping - `Customization` -> `Property Mappings`
+
+`Name: wazuh property mapping`
+
+`SAML Attribute Role: Roles`
+
+![](./property-mapping.png)
+![](./property-mapping2.png)
+
+```python
+if ak_is_group_member(request.user, name="wazuh-admins"):
+  yield "wazuh-admin"
+```
+
+Make sure to adjust the provider to include the newly created property mapping in the `Advanced protocol settings`.
+![](./property-mapping3.png)
+
+### Step 4
+
+Now create an application to use the newly created provider. `Applications` -> `Applications` - `Create`
+
+`Name: wazuh`
+
+`Slug: wazuh`
+
+`Provider: SAML`
+
+`Policy Engine: any`
+
+![](./application.png)
+
+### Step 5