Wazuh | Mailing List

Hello, Nicolae Composite rules (those defined with a frequency and timeframe) are designed for

The high event volume (100M daily, 25M from agents) and the delays with your integrations, it's

Hi, Yes, the Wazuh agent can be deployed on Windows endpoints using Group Policy (GPO) from the

Hi John Your cluster health is red, and there are lots of unassigned shards (more than 200), which

I managed to make the system work according to this guide: https://github.com/wazuh/integrations/tree

Hi Seth, I have written some sample decoders based on your log. Add the new decoder to /var/ossec/etc

Hi, When an agent upgrade is initiated from the Wazuh Manager, the agent does not require direct

Hi, This behavior is expected after the upgrade. Starting with Wazuh 4.7, the <alert_format>

Hi Dirceu, Great, thanks for sharing those outputs. It looks like everything is good on the

Hello German, You can open Vulnerability Detection -> Inventory -> Available Fields and toggle

I am getting this error too but it is in the MS Graph API Events page. Please advise. On Wednesday,

Glyn, Apparently there is a problem accessing the database containing information on Mitre techniques

Hello Brenno, If I understand correctly, you want to build a third rule that after matching rule

Hello Reazul, Do you mean something similar to the attached screenshot? You can get this by

I got the integration working but it only works if I only put a single <request> section I want

Can you please let me know how you have generated the certs? Have you generated the self-sign certs?

Hi Giuseppe Your custom decoder is not working because the log pattern matches the default decoders

After in-depth research, there are a few options you can consider. The integration you're

Sorry for the late response, I was on holiday. We can see the old package in the vulnerability

Yes, offline migration is possible. You can take a backup by following Backup: https://documentation.

Hi, to verify the validity of the SSL certificate on port 1515, you should use command-line tools

Sorry for the late response, I was on holiday. I am glad that the IT Hygiene is working now. Are you

I cannot find any other custom rules other than the one I have already shared with the document. As I

Hello Daniel, Using the <localfile> block is correct, however, there are two small adjustments

Hello Narasimha, The short answer is that Wazuh does not by default monitor the browser history

Hi, It worked. Thank you. Em quarta-feira, 17 de dezembro de 2025 às 08:11:57 UTC-3, Bony V John

Thank you very much, that's what I was expecting ❤️ El viernes, 12 de diciembre de 2025 a las 21:

Hi Krishna, Glad to hear that you're now able to access the dashboard. Regarding the retention

Hello Sagar, Apologies for just getting back to you on this. We currently do not have an existing

I believe you have got your answer in this thread. https://groups.google.com/g/wazuh/c/XO5U4DTLl10 On