Wazuh | Mailing List

Hi Javier, Thanks, I tried this and yet the listing of these vulnerabilities won't go and it

In principle, custom decoders cannot be applied after the windows_eventchannel decoder because it is

Hey wazuh community, I am trying my luck with a Decoder for Sophos XGS3100 devices. I added this to

Hello, do you have it figured out now? Also, check this documentation for more information - https://

Hi Facu, We should probably review the event triggering rule 60204. Could you share the raw event so

Hello , The reason your rule did not work is because, from what you shared, you used if_matched_sid

Hi, I'd like to clarify a point from my previous response. Since srcip is a static (built-in)

Hi Tengku, The issue you are facing are noise coming from docker, kube8, containerd. You can suppress

Hi Team, I just wanted to follow up on this issue. If you have any further questions or require

Hi Javier, Thank you for the explanation. I understand what you are trying to convey. Could you

Hi Akshay, First of all, verify the FortiGate alerts are generating on the alerts.json file: /var/

Thanks!! It's really works! вторник, 27 января 2026 г. в 15:40:05 UTC+3, John Adewale Olatunde:

I'm having this problem primarily with this monitor (and similar monitors that aggregate a large

Hello Suvadip, Here is the new decoder plus some modifications I made to the decoder we had before:

Hi, Apologies for the late response. For monitoring network-level attacks, you can consider

Hello @Richmond, Apologies for the delayed response, and thank you for your reply. Please find below

Hi Marcos, It works! Great! I also applied the same to "filebeat-7.10.2-wazuh-archives-pipeline

Hello, i have ERRORS in my wazuh-cluster.log [2026-01-30T14:11:17378][ERROR][oonct

Veera: Thanks for the detailed explanation of both cases. When should FIM events be expected after a

Hello, Glad to help! I tried this validator and it seemed to work -> https://www.liquid-

Good catch DK!! Thanks for the PR, we've already merged it and the change will be in production

Hi Hari, The format of the decoders is not correct. AI tools can be helpful for writing decoders and

I am checking this internaly I will let you know the update if we can provide you with any possible

Hi Nicolas, Sorry for re-activating this thread... I forgot to follow up but now, I'm still have

Hello, Thank you very much for your reply. Best Regards Le jeudi 29 janvier 2026 à 21:54:07 UTC+1,

Hi, the issue seems to be because your Windows endpoint is not showing the full file extension,

You're welcome, and thanks again for sharing your work. If at any point you'd like to

Hello, If you are still getting alerts after resetting the VD module, you can create a custom rule as

Hello Mahad, When you install the Wazuh manager, it also runs an internal agent on the same host, but

I am facing a problem with logging 4104 events (Microsoft-Windows-PowerShell/Operational) For some