I am trying to build a script to run daily that will grab all of Wazuh’s security events from all agents for the past 24-hour period.
I have gotten the connection to Wazuh’s API working using the documentation online and am able to grab data such as agents; however, I cannot seem to find or figure out how to get all of the security events like those found on the Wazuh dashboard under:
Security Information Management -> Security Events -> Events
Provided a photo of the data on the dashboard that I am referring to:
Here is the Python code, used as per the Wazuh RESTful API documentation. I can connect, I am just not sure how to get the security events. I have experimented with the Wazuh API console to see if I can get the results I am after there, but no luck either:
#!/usr/bin/env python3
import json
import requests
import urllib3
from base64 import b64encode
# Disable insecure https warnings (for self-signed SSL certificates)
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Configuration
protocol = 'https'
host = 'localhost'
port = 55000
user = 'username'
password = 'password'
login_endpoint = 'security/user/authenticate'
login_url = f"{protocol}://{host}:{port}/{login_endpoint}"
basic_auth = f"{user}:{password}".encode()
login_headers = {'Content-Type': 'application/json',
                 'Authorization': f'Basic {b64encode(basic_auth).decode()}'}
print("\nLogin request ...\n")
response = requests.post(login_url, headers=login_headers, verify=False)
token = json.loads(response.content.decode())['data']['token']
print(token)
# New authorization header with the JWT token we got
requests_headers = {'Content-Type': 'application/json',
                    'Authorization': f'Bearer {token}'}
print("\n- API calls with TOKEN environment variable ...\n")
print("Getting API information:")
response = requests.get(f"{protocol}://{host}:{port}/?pretty=true", headers=requests_headers, verify=False)
print(response.text)
print("\nGetting agents status summary:")
response = requests.get(f"{protocol}://{host}:{port}/agents/summary/status?pretty=true", headers=requests_headers, verify=False)
print(response.text)
print("\nEnd of the script.\n")
Thank you, I really appreciate your time reading and helping with my question!