Wazuh | Mailing List

Hello Chandra, What you are seeing is normal for logs being ingested and rotated/cleaned up, removed,

Hello! I suggest you attempt using a regex that doesn't just check if the word "directories

Hello, Regarding the screenshots of the dashboard, the index pattern used in the dashboard does not

Hi Milene, Thanks for your reply — we've tracked down all the issues causing your Sysmon port

Hi Sandy In your case, if the event is decoded with data.dstip, this could be the correct pattern:

Ok, I have 3 vulnerabilities reported for same CVE: 1) Microsoft Visual Studio Tools for Applications

Dear Wazuh Support Team, I hope you are doing well. I am writing to report an issue with my Wazuh

Hello Awwal, thanks for the quick answer, when i did: GET .kibana/_search { "_source": [

Hi, Security xthreatinng Glad to know you find using Wazuh interesting, and we really appreciate your

Hi Alija, I'll try to address the main questions you've raised, but please bear in mind that

To add to this, we are also implementing Grafana and the time (somehow) needs kafka, thats why we

Hi Bony, thank you for your amazing help! We found out that the applications are indeed updated, but

Hello Nazmur, Everything is restored the problem was the <log_alert_level>3</log_alert_level

Hi Brenno, You can migrate those indices by taking a snapshot and restoring from the snapshot. Check

Good day Soro. Just to be sure, Could you confirm the following for the affected agents: Do the

Hello, Yes, that setup is possible. What you would need is a TCP forwarding proxy or load balancer,

Hello German, There is no hard limit. You can give an all-in-one more resources, and it will work

Dear Sir, Thank you for your guidance in resolving the Wazuh issue. Your support helped me solve the

You are right, and this is the reason why you are still seeing the old version-related vulnerability

Hi Brenno At the moment, I could not find this exact configuration described in the documentation.

- In order to backup your logs, You can configure <syslog_output> blocks in ossec.conf to

Hi, Have you resolved your issue? Please let me know the update, and feel free to reach out if you

Hello Domenica, To best understand this, I will need you to share these same sample logs from

Hello Julian! Sorry for the delay You are absolutely right, the only way to share a file across all

Hi, Currently, there are no built-in decoders or rules for OpenStack logs in Wazuh. If the OpenStack

Hello, Hasitha. Yes, I have attached the files. I identified an issue during testing: when I

Hi, Based on the details you shared, I was able to replicate the issue on my end. There are a few

Hi chao, I created an Active Response script that kills the Notepad process whenever FIM detects a

Thanks, exactly what I was looking for. On Friday, April 3, 2026 at 1:00:36 AM UTC-4 Md. Nazmur Sakib

Hello! AI tools can be helpful for creating rules and decoders, but it is important to review them