wazuh · javimed · Sep 8, 2023 · Sep 6, 2023 · Sep 7, 2023 · Sep 7, 2023
diff --git a/source/user-manual/manager/manual-integration.rst b/source/user-manual/manager/manual-integration.rst
@@ -28,7 +28,12 @@ The integrations are configured on the Wazuh manager ``ossec.conf`` file. You ca
     <level> </level>
     <group> </group>
     <event_location> </event_location>
+
+    <!-- Optional settings -->
+    <max_log> </max_log>
     <options> </options>
+    <timeout> </timeout>
+    <retries> </retries>
   </integration>
 
 
@@ -51,7 +56,14 @@ The following considerations must be taken into account when the filters are set
 .. note::
   It is recommended to carefully check the groups and rule identifiers mentioned above, as defining them incorrectly will result in expected alerts not being sent to the integration.
 
-The full configuration reference for the Integrator daemon can be found :ref:`here <reference_ossec_integration>`.
+You can find the full configuration reference for the Integrator daemon in the :ref:`Integration <reference_ossec_integration>` section of our Reference guide.
+
+Optional settings
+^^^^^^^^^^^^^^^^^
+
+The `Integrator` daemon uses the `optional settings` fields to tailor the integration behavior.
+
+You can find the full configuration reference for the Integrator daemon in the :ref:`Integration <reference_ossec_integration>` section of our Reference guide.
 
 Slack
 -----
@@ -74,7 +86,7 @@ To set up this integration, follow these steps.
 
    .. note::
 
-      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `Slack API reference <https://api.slack.com/reference/messaging/attachments#legacy_fields>`__ for information about available customization fields.
+      You can set a JSON object with customization fields using the ``options`` tag. Visit the `Slack API reference <https://api.slack.com/reference/messaging/attachments#legacy_fields>`__ for information about available customization fields.
 
 #. Restart the Wazuh manager to apply the changes.
 
@@ -111,7 +123,7 @@ To set up this integration, do the following.
 
    .. note::
 
-      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `PagerDuty API reference <https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event>`__ for information about available customization fields.
+      You can set a JSON object with customization fields using the ``options`` tag. Visit the `PagerDuty API reference <https://developer.pagerduty.com/docs/ZG9jOjExMDI5NTgx-send-an-alert-event>`__ for information about available customization fields.
 
 #. Restart the Wazuh manager to apply the changes.
 
@@ -179,7 +191,7 @@ To set up this integration, do the following.
 
    .. note::
 
-      You can set a JSON object with customization fields using the :ref:`options <integration_options_tag>` tag. Visit the `Shuffle API reference <https://shuffler.io/docs/API>`__ for information about available customization fields.
+      You can set a JSON object with customization fields using the ``options`` tag. Visit the `Shuffle API reference <https://shuffler.io/docs/API>`__ for information about available customization fields.
 
 #. Restart the Wazuh manager to apply the changes.
 

diff --git a/source/user-manual/reference/ossec-conf/integration.rst b/source/user-manual/reference/ossec-conf/integration.rst
@@ -1,7 +1,7 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-  :description: Learn how to configure the manager to connect Wazuh to external APIs. Check out the options, optional filters, and configuration examples.
+  :description: Learn how to configure the manager to connect Wazuh to external APIs. Check out the options, optional filters, optional settings, and configuration examples.
 
 .. _reference_ossec_integration:
 
@@ -56,6 +56,19 @@ This is the key that you would have retrieved from the PagerDuty, VirusTotal, or
 | **Allowed values** | PagerDuty/VirusTotal/Maltiverse Api key |
 +--------------------+-----------------------------------------+
 
+alert_format
+^^^^^^^^^^^^
+
+This writes the alert file in the JSON format, which the Integrator uses to fetch fields values.
+
++--------------------+-----------------------------------------------------------+
+| **Default value**  | n/a                                                       |
++--------------------+-----------------------------------------------------------+
+| **Allowed values** | json                                                      |
++--------------------+-----------------------------------------------------------+
+
+.. note:: Set this option as ``json`` for Slack, VirusTotal, Shuffle, and Maltiverse integrations.
+
 Optional filters
 ----------------
 
@@ -103,18 +116,8 @@ This filters alerts by where the event originated.
 | **Allowed values** | Any :ref:`sregex<sregex_os_match_syntax>` expression.        |
 +--------------------+--------------------------------------------------------------+
 
-alert_format
-^^^^^^^^^^^^
-
-This writes the alert file in the JSON format. The Integrator makes use of this file to fetch fields values.
-
-+--------------------+-----------------------------------------------------------+
-| **Default value**  | n/a                                                       |
-+--------------------+-----------------------------------------------------------+
-| **Allowed values** | json                                                      |
-+--------------------+-----------------------------------------------------------+
-
-.. note:: This option must be set to ``json`` for Slack, VirusTotal, Shuffle, and Maltiverse integrations.
+Optional settings
+-----------------
 
 max_log
 ^^^^^^^
@@ -129,8 +132,6 @@ The maximum length of an alert snippet that will be sent to the Integrator.  Lon
 
 .. note:: This option only applies if ``alert_format`` is not set to ``json``.
 
-.. _integration_options_tag:
-
 options
 ^^^^^^^
 
@@ -142,6 +143,28 @@ This overwrites the previous fields or adds customization fields according to th
 | **Allowed values** | json                                                      |
 +--------------------+-----------------------------------------------------------+
 
+timeout
+^^^^^^^
+
+The timeout (in seconds) to wait for a valid response from the external integration server.
+
++--------------------+-----------------------------------------------------------+
+| **Default value**  | 10                                                        |
++--------------------+-----------------------------------------------------------+
+| **Allowed values** | Any positive integer.                                     |
++--------------------+-----------------------------------------------------------+
+
+retries
+^^^^^^^
+
+On timeout, the maximum number of retry attempts for a request to the external integration server.
+
++--------------------+-----------------------------------------------------------+
+| **Default value**  | 3                                                         |
++--------------------+-----------------------------------------------------------+
+| **Allowed values** | Any positive integer.                                     |
++--------------------+-----------------------------------------------------------+
+
 Configuration example
 ---------------------
 
@@ -171,6 +194,8 @@ Configuration example
     <api_key>API_KEY</api_key> <!-- Replace with your VirusTotal API key -->
     <group>syscheck</group>
     <alert_format>json</alert_format>
+    <timeout>30</timeout>
+    <retries>5</retries>
   </integration>
 
   <!-- Integration with Shuffle -->
@@ -199,4 +224,4 @@ Configuration example
     <api_key>APIKEY</api_key> <!-- Replace with your external service API key -->
     <alert_format>json</alert_format>
     <options>{"data": "Custom data"}</options> <!-- Replace with your custom JSON object -->
-  </integration>
+  </integration>