Wazuh | Mailing List

So, Dashboard is trying both kibanaserver and admin, and both are failing auth. Your manual curl with

Hi Faber, Based on your logs and decoder, here's a suggested approach: # Decoders: <decoder

Hi. You will need to verify the agents' status; you can do this from the Wazuh dashboard Agents

Hello Mohand-said, Regarding the IOC Detection: Wazuh supports IOC detection via: Threat Intelligence

Hello Xavier, Please share the Wazuh version you are using? You can find the version by running this

Hello, To capture logs from kaspersky, you need to make use of rsyslog option, more about setting it

Thanks, I've solved it now. It was because of Filebeat and the new certificates I generated with

Great, then follow the Restoring old logs guide I shared earlier. You would need to specify the min

Hi thanks for the response, I have tried all things. Basically let me tell the agent installed on

Excellent, thank you for clearing that up for me! This makes perfect sense, and I understand. On

Currently, we do not have a direct integration with G Suite or rules and decoders for these logs. A

Hi, The error you're encountering is due to the log format. Your log is in syslog format, and in

Thank you Stuti for the help and your time. On Friday, April 25, 2025 at 10:33:57 AM UTC+2 Stuti

Hi, If you are configuring the agent using Wazuh centralized agent configuration, make sure that

Hi, Please make sure that the hostname of your server is not set to "RHEL7". To verify this

Sorry for the late response. You can check the cluster status like this: curl -XGET -k -u user:pass

Hi Hasitha, I've tried all the suggested steps, including setting the username and password, but

Hello, thanks for responding, Is your environment installed on just one server, or do you have

hello: I would suggest you that you can remove the wazuh-agent first, if it is still installed. You

Hello, Diego This is due to the fact that the rule you are referencing, 18107, checks for event ids

Hello, Everything looks fine from what you have shared. However, I need to be able to reproduce this

At the moment there are no plans to add what is mentioned in the product. So the alternative is to

Thank you for the workaround - a great strategy with the current limitations! On Wednesday, April 23,

I have tried to use geo location country name in rules in sid but that never happens. No rule is

Hello Rahul, I have confirmed that the message wazuh-db: WARNING: After vacuum, the database '381

Hi, The error that you have shared is related to the agent duplicate name issue, This typically

Hello, Sorry for the late response. Have you tried to create the /var/ossec/etc/lists folder before

Hi, Could you please provide more details about your requirement to help us better understand your

Thanks for the reply, I have confirmed that the vulnerabilities are working on the GUI. I cannot get

Hi Bovy, Thanks for the response. I did try the echo commands and reboot, but the disks are still not