Wazuh | Mailing List

Hi Hasitha, Thank you for your reply. I've additional data to be extracted: for example: 12/24/

Hello, Thank you for you response. I have added all the necessary screenshots. I have also added

Hi and happy new year, These are the results for all checklist: 1. { "cluster_name" :

a. Detects abnormal execution of Windows built-in tools such as certutil, mshta, rundll32, wmic, and

Can you run the command without tail? I would like to see if there are any references to other errors

Thank you; I can add these. Would these work in the case of a total logging failure? The problem

done thanks On Wednesday, 31 December 2025 at 17:09:25 UTC+5:30 Jack Martin wrote: nothing happen the

i am also doing this was like admin normal user have admin power and normal user gain the run as amin

Hi Martin. Thanks for the information. In the logs you just shared I could find the following lines:

Hello. From what you mention, the error that appears in the logs is not related to WhatsApp events.

HI, there are any filter for that? Regards German El martes, 23 de diciembre de 2025 a las 13:13:21

Thank you again, Karlo. Per the logs mentioned in my original email, no errors appear in integration.

Hello, I hope you're well. There is an official Wazuh blog post that has come in handy in the

Hi Gokul: Before diving into a specific root cause, it would be helpful to gather more context about

Hi, The behavior you're experiencing is related to rule 92651, which is designed to detect remote

Thank you very much, I managed to get the integration working thanks to your help. El viernes, 26 de

Hello. Thank you for your quick answer, but it didn't help. i have }, "ClientIP": {

Hi, To trigger alerts when a USB device is disconnected, please follow the steps I shared in my

Hi Stuti, Thanks a lot for pointing me the right command (again). I did use that back in 2022, but I

Hi Yogi, You want your Wazuh and Sysmon setup to generate alerts only for applications that you

Hi CIA, I have found a third-party resource that helps you to forward the logs to Wazuh. To listen to

Hi Baran, Since version 4.3, many changes have been introduced. I recommend that you take a look at

Hi The default decoder is decoding most of the fields, you can see in the image. Can you please let

Hello Prince, In order to execute the script on the agents, you need to add your custom active

Hi John, Sorry for the late reply. I'm glad to hear that the indexer issue has been resolved.

Hello Tengku, Can you explain your query in detail? Are you trying to filter out logs from triggering

Hello You cannot use multiple ports in the </port> section of the <remote> block. <

Hello Tengku, It seems to me the issue is with SMTP server name <smtp_server>smtp.office365.com

Hi, Do you still need assitance? Thanks, On Friday, December 19, 2025 at 1:51:27 PM UTC+8 Karlo

Hi Hasitha, I followed the document and updated the required details; however, I'm still unable