diff --git a/CHANGELOG.md b/CHANGELOG.md
index abbc1cd38..8985d4ab5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 - Added rules and decoders for macOS sshd logs ([#593](https://github.com/wazuh/wazuh-ruleset/pull/593))
 - Added TSC/SOC compliance mapping ([#613](https://github.com/wazuh/wazuh-ruleset/pull/613))
 - Added rules and decoders for PaloAlto logs ([#658](https://github.com/wazuh/wazuh-ruleset/pull/658))
+- Added groups for Wazuh-api rules ([#675](https://github.com/wazuh/wazuh-ruleset/pull/675))
 
 
 ### Changed
diff --git a/decoders/0520-wazuh-api_decoders.xml b/decoders/0520-wazuh-api_decoders.xml
new file mode 100644
index 000000000..d10c0ad4a
--- /dev/null
+++ b/decoders/0520-wazuh-api_decoders.xml
@@ -0,0 +1,68 @@
+<!--
+  -  WazuhAPI decoders
+  -  Author: Daniel Moreno
+  -  Updated by Wazuh, Inc.
+  -  Copyright (C) 2015-2019, Wazuh Inc.
+  -  This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2.
+-->
+
+<decoder name="wazuhapi">
+  <prematch>WazuhAPI </prematch>
+</decoder>
+
+<!-- WazuhAPI 2019-02-27 15:23:17 user: [::ffff:11.0.0.19] GET /version? - 200 - error: '0'. -->
+
+  <decoder name="wazuhapi_requests">
+    <parent>wazuhapi</parent>
+    <prematch>\d+-\d+-\d+ \d+:\d+:\d+ \S+: [\S+] \w+ \S+ - \d+</prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) (\S+): [(\S+)] (\w+) (\S+) - \d+ - error: '(\d+)'</regex>
+    <order>timestamp,apiuser,remoteaddress,method,request,errorcode</order>
+  </decoder>
+
+<!-- WazuhAPI 2019-03-19 13:46:48 foo: Agent does not exist: 500 --> <!-- exceptions -->
+  <!-- This is a generic exception log, the decoder should work for every exception -->
+  <decoder name="wazuhapi_exceptions">
+    <parent>wazuhapi</parent>
+    <prematch></prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) (\S+): (\.+): \d+</regex>
+    <order>timestamp,apiuser,exception_message</order>
+  </decoder>
+
+<!-- WazuhAPI 2019-02-27 15:22:22 : Listening on: http://:::55000 -->
+
+  <decoder name="wazuhapi_listening">
+    <parent>wazuhapi</parent>
+    <prematch>Listening on</prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) : Listening on: (\.+)</regex>
+    <order>timestamp,apiurl</order>
+  </decoder>
+
+
+<!-- WazuhAPI 2019-03-18 16:08:13 user: [::1] User: "user" - Authentication failed. -->
+
+  <decoder name="wazuhapi_authfail">
+    <parent>wazuhapi</parent>
+    <prematch>Authentication failed</prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) (\S+):\.+ Authentication failed</regex>
+    <order>timestamp,apiuser</order>
+  </decoder>
+
+
+
+<!-- WazuhAPI 2019-03-18 16:08:13 Error: Address in use (port "550"): Close the program using that port or change the port. -->
+
+  <decoder name="wazuhapi_porterror">
+    <parent>wazuhapi</parent>
+    <prematch>Address in use</prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) Error: Address in use \(port "(\d+)"\)</regex>
+    <order>timestamp,port</order>
+  </decoder>
+
+<!-- WazuhAPI 2019-03-18 16:08:13 : [::1] Authentication error: 15 - Error message -->
+
+  <decoder name="wazuhapi_autherror">
+    <parent>wazuhapi</parent>
+    <prematch>Authentication error</prematch>
+    <regex offset="after_parent">(\d+-\d+-\d+ \d+:\d+:\d+) : [\.+] Authentication error: (\d+) - (\.+)</regex>
+    <order>timestamp,auth_error,error_message</order>
+  </decoder>
diff --git a/rules/0715-wazuh-api_rules.xml b/rules/0715-wazuh-api_rules.xml
new file mode 100644
index 000000000..051ffc1de
--- /dev/null
+++ b/rules/0715-wazuh-api_rules.xml
@@ -0,0 +1,198 @@
+<!--
+  -  WazuhAPI rules
+  -  Author: Daniel Moreno
+  -  Updated by Wazuh, Inc.
+  -  Copyright (C) 2015-2020, Wazuh Inc.
+  -  This program is a free software; you can redistribute it and/or modify it under the terms of GPLv2.
+-->
+
+<group name="wazuhapi">
+
+  <rule id="66500" level="0">
+    <decoded_as>wazuhapi</decoded_as>
+    <description></description>
+  </rule>
+
+<!-- WazuhAPI 2019-02-27 15:23:17 user: [::ffff:11.0.0.19] GET /version? - 200 - error: '0'. -->
+  <rule id="66501" level="3">
+    <if_sid>66500</if_sid>
+    <regex>^WazuhAPI \d+-\d+-\d+ \d+:\d+:\d+ \S+: [(\S+)] \w+ \S+ - \d+</regex>
+    <description>Wazuh API request received.</description>
+    <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+  </rule>
+
+  <!-- Childs -->
+
+    <rule id="66502" level="3">
+      <if_sid>66501</if_sid>
+      <match>GET</match>
+      <description>Wazuh API GET request received.</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule>
+
+      <rule id="66503" level="8">
+        <if_sid>66502</if_sid>
+        <description>Wazuh API request $(method) $(request) with error code $(errorcode)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+      <rule id="66504" level="3">
+        <if_sid>66503</if_sid>
+        <field name="errorcode">0</field>
+        <description>Wazuh API request $(method) $(request)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+    <rule id="66505" level="7">
+      <if_sid>66501</if_sid>
+      <match>POST</match>
+      <description>Wazuh API request POST received.</description>
+      <mitre>
+        <id>T1492</id>
+      </mitre>
+      <group>pci_dss_10.6.1,pci_dss_10.2.7,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,tsc_CC7.4,hipaa_164.312.e</group>
+    </rule>
+
+      <rule id="66506" level="7">
+        <if_sid>66505</if_sid>
+        <description>Wazuh API request $(method) $(request) with error code $(errorcode)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+      <rule id="66507" level="7">
+        <if_sid>66505</if_sid>
+        <field name="errorcode">0</field>
+        <description>Wazuh API request $(method) $(request)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+    <rule id="66508" level="10">
+      <if_sid>66501</if_sid>
+      <match>DELETE</match>
+      <description>Wazuh API request DELETE received.</description>
+      <mitre>
+        <id>T1492</id>
+      </mitre>
+      <group>pci_dss_10.6.1,pci_dss_10.2.7,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,tsc_CC7.4,hipaa_164.312.e</group>
+    </rule>
+
+      <rule id="66509" level="3">
+        <if_sid>66508</if_sid>
+        <description>Wazuh API request $(method) $(request) got the error $(errorcode)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+      <rule id="66510" level="3">
+        <if_sid>66508</if_sid>
+        <field name="errorcode">0</field>
+        <description>Wazuh API request $(method) $(request)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+    <rule id="66511" level="7">
+      <if_sid>66501</if_sid>
+      <match>PUT</match>
+      <description>Wazuh API request PUT received.</description>
+      <mitre>
+        <id>T1492</id>
+      </mitre>
+      <group>pci_dss_10.6.1,pci_dss_10.2.7,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,tsc_CC7.4,hipaa_164.312.e</group>
+    </rule>
+
+    <rule id="66512" level="3">
+        <if_sid>66511</if_sid>
+        <description>Wazuh API request $(method) $(request) got the error $(errorcode)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+    <rule id="66513" level="3">
+      <if_sid>66511</if_sid>
+      <field name="errorcode">0</field>
+      <description>Wazuh API request $(method) $(request)</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule>
+
+
+<!-- WazuhAPI 2019-03-19 13:46:48 foo: Agent does not exist: 500 --> <!-- exceptions -->
+  <!-- This is a generic exception log, the rule should work for every exception -->
+  <rule id="66514" level="12">
+    <if_sid>66500</if_sid>
+    <regex>^WazuhAPI \d+-\d+-\d+ \d+:\d+:\d+ \S+: \.+: \d+</regex>
+    <description>An exception was given, the message is: $(exception_message)</description>
+    <group>pci_dss_10.6.1,pci_dss_10.6.3,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+  </rule>
+
+<!-- app.js logs -->
+  <!-- WazuhAPI 2019-03-18 16:08:13 user: [::1] User: "user" - Authentication failed. -->
+    <rule id="66515" level="9">
+      <if_sid>66500</if_sid>
+      <match>Authentication failed</match>
+      <description>Authentication with api from user $(apiuser) failed.</description>
+      <group>pci_dss_10.6.1,pci_dss_10.2.4,pci_dss_10.2.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,tsc_CC7.4,hipaa_164.312.d,gdpr_IV_35.7.d,gdpr_IV_32.2,</group>
+    </rule>
+
+  <!-- WazuhAPI 2019-03-18 16:08:13 : [::1] Authentication error: 15 - Error message -->
+    <rule id="66516" level="9">
+      <if_sid>66500</if_sid>
+      <match>Authentication error</match>
+      <description>Authentication with api failed with the error $(auth_error) and the message: $(error_message).</description>
+      <group>pci_dss_10.6.1,pci_dss_10.2.4,pci_dss_10.2.5,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,tsc_CC7.4,hipaa_164.312.d,gdpr_IV_35.7.d,gdpr_IV_32.2,</group>
+    </rule>
+
+  <!-- WazuhAPI 2019-03-18 16:08:13 user: Internal Error -->
+    <rule id="66517" level="12">
+      <if_sid>66500</if_sid>
+      <match>Internal Error</match>
+      <description>Internal error detected in the API.</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule>
+
+    <!-- WazuhAPI 2019-03-18 16:08:13 user: Internal Error: uncaughtException -->
+      <rule id="66518" level="12">
+        <if_sid>66517</if_sid>
+        <match>Internal Error: uncaughtException</match>
+        <description>Internal error detected in the API, an uncaught exception was thrown.</description>
+        <group>pci_dss_10.6.1,pci_dss_10.6.3,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+  <!-- WazuhAPI 2019-03-18 16:08:13 user: Exiting... -->
+    <rule id="66519" level="10">
+      <if_sid>66500</if_sid>
+      <match>Exiting...</match>
+      <description>The API has just exited.</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule>
+
+    <!-- Childs -->
+
+      <rule id="66520" level="10">
+        <if_sid>66519</if_sid>
+        <match>Exiting... (SIGTERM)</match>
+        <description>The API has just exited. (SIGTERM)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+
+      <rule id="66521" level="10">
+        <if_sid>66519</if_sid>
+        <match>Exiting... (SIGINT)</match>
+        <description>The API has just exited. (SIGINT)</description>
+        <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+      </rule>
+  <!-- WazuhAPI 2019-02-27 15:22:22 : Listening on: http://:::55000 -->
+    <rule id="66522" level="3">
+      <if_sid>66500</if_sid>
+      <match>Listening on</match>
+      <description>Api is hearing at $(apiurl)</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule> 
+
+  <!-- WazuhAPI 2019-03-18 16:08:13 Error: Address in use (port "550"): Close the program using that port or change the port. -->
+    <rule id="66523" level="10">
+      <if_sid>66500</if_sid>
+      <match>Address in use</match>
+      <description>Another instance is using the port $(port)</description>
+      <group>pci_dss_10.6.1,tsc_CC6.1,tsc_CC6.8,tsc_CC7.2,tsc_CC7.3,</group>
+    </rule>
+
+</group>
+
diff --git a/tools/rules-testing/beforeruntest.sh b/tools/rules-testing/beforeruntest.sh
new file mode 100755
index 000000000..67b92f349
--- /dev/null
+++ b/tools/rules-testing/beforeruntest.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+WAZUH_MANAGER_DIR="/var/ossec"
+WAZUH_REPO_DIR="/home/vagrant/wazuh-ruleset"
+rm -rf ${WAZUH_MANAGER_DIR}/ruleset/rules/*
+rm -rf ${WAZUH_MANAGER_DIR}/ruleset/decoders/*
+cp -r ${WAZUH_REPO_DIR}/rules/* ${WAZUH_MANAGER_DIR}/ruleset/rules
+cp -r ${WAZUH_REPO_DIR}/decoders/* ${WAZUH_MANAGER_DIR}/ruleset/decoders
+chown -R root:ossec ${WAZUH_MANAGER_DIR}/ruleset/rules
+chown -R root:ossec ${WAZUH_MANAGER_DIR}/ruleset/decoders
+chmod 644 ${WAZUH_MANAGER_DIR}/ruleset/rules/0015-ossec_rules.xml
+rm -rf ${WAZUH_MANAGER_DIR}/ruleset/rules/log-entries
+rm -rf ${WAZUH_MANAGER_DIR}/ruleset/rules/translated
+cd ${WAZUH_REPO_DIR}/tools/rules-testing/
+./runtests.py
diff --git a/tools/rules-testing/tests/api.ini b/tools/rules-testing/tests/api.ini
new file mode 100644
index 000000000..aa42ae49b
--- /dev/null
+++ b/tools/rules-testing/tests/api.ini
@@ -0,0 +1,53 @@
+[Request to the api with errorcode 0]
+log 1 pass = WazuhAPI 2019-02-27 15:23:17 user: [::ffff:11.0.0.19] GET /version? - 200 - error: '0'.
+rule = 66504
+alert = 3
+decoder = wazuhapi
+
+[Generic exception message when the API is set in error mode]
+log 1 pass = WazuhAPI 2019-03-19 13:46:48 foo: Agent does not exist: 500 --> <!-- exceptions
+rule = 66514
+alert = 12
+decoder = wazuhapi
+
+[Incorrect login because of username]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 user: [::1] User: "user" - Authentication failed.
+rule = 66515
+alert = 9
+decoder = wazuhapi
+
+[Incorrect login because of error]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 : [::1] Authentication error: 15 - Error message
+rule = 66516
+alert = 9
+decoder=wazuhapi
+
+[Internal error from the API]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 user: Internal Error
+rule = 66517
+alert = 12
+decoder=wazuhapi
+
+[The API is exiting]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 user: Exiting...
+rule = 66519
+alert = 10
+decoder=wazuhapi
+
+[The API is now hearing]
+log 1 pass = WazuhAPI 2019-02-27 15:22:22 : Listening on: http://:::55000
+rule = 66522
+alert = 3
+decoder = wazuhapi
+
+[Error in the API because of the port]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 Error: Address in use (port "550"): Close the program using that port or change the port.
+rule = 66523
+alert = 10
+decoder = wazuhapi
+
+[Internal error in the API uncaught]
+log 1 pass = WazuhAPI 2019-03-18 16:08:13 user: Internal Error: uncaughtException
+rule = 66518
+alert = 12
+decoder=wazuhapi