Wazuh | Mailing List

Dead Wazuh Team, I Need to know about opensearch.yml ( /etc/wazuh-indexer/opensearch.yml ), where i

Hello Victor I moved those indices to an S3 bucket, and now I want to copy them to the server and

Hello, Thank you, In this case, for each client, will a new single-node Docker stack be necessary,

Hi, Apologies for the late response. If the issue is occurring only for a specific rule ID, I

Hi Robby, Yes, CDB lists can contain IPv6 addresses and can be used to check events containing these.

Hi Ilsa Khan, Your approach is valid as a research/custom-extension idea, but it should be described

Hi Nick We are glad that your option 1 is working. In option 2, yes, you can use both. Wazuh supports

Thank you for your response. I tried the rule you shared, but it is still not triggering. Rule 100006

In that case, let's search without the string kibana GET /_search { "_source": ["

Hi Hashita, Sorry for the late reply This is the starting log in attachement, The agent didn't

Hello Olamilekan, Thanks for the response and help. I have already disabled the archive and delete

Hi, Apologies for the late response. If the agent is showing as inactive on the Wazuh dashboard, the

Hello! I suggest you attempt using a regex that doesn't just check if the word "directories

Hello, Regarding the screenshots of the dashboard, the index pattern used in the dashboard does not

Hi Milene, Thanks for your reply — we've tracked down all the issues causing your Sysmon port

Hi Sandy In your case, if the event is decoded with data.dstip, this could be the correct pattern:

Ok, I have 3 vulnerabilities reported for same CVE: 1) Microsoft Visual Studio Tools for Applications

Dear Wazuh Support Team, I hope you are doing well. I am writing to report an issue with my Wazuh

Hi, Security xthreatinng Glad to know you find using Wazuh interesting, and we really appreciate your

Hi Alija, I'll try to address the main questions you've raised, but please bear in mind that

To add to this, we are also implementing Grafana and the time (somehow) needs kafka, thats why we

Hello Nazmur, Everything is restored the problem was the <log_alert_level>3</log_alert_level

Hi Brenno, You can migrate those indices by taking a snapshot and restoring from the snapshot. Check

Good day Soro. Just to be sure, Could you confirm the following for the affected agents: Do the

Hello, Yes, that setup is possible. What you would need is a TCP forwarding proxy or load balancer,

Hello German, There is no hard limit. You can give an all-in-one more resources, and it will work

Dear Sir, Thank you for your guidance in resolving the Wazuh issue. Your support helped me solve the

You are right, and this is the reason why you are still seeing the old version-related vulnerability

Hi Brenno At the moment, I could not find this exact configuration described in the documentation.

- In order to backup your logs, You can configure <syslog_output> blocks in ossec.conf to