Wazuh | Mailing List

Since we are using Splunk as the backend SIEM, I have the Indexer disabled: /var/ossec/etc/ossec.conf

Hi guys! Can somebody help me with this error https://dontpad.com/sourcelist1? I'm in Ubuntu

Hi Felix, I'll be working with you to solve this issue, just let me do some research and I will

Hi John, Sure thing, I will be attentive to your response! On Tuesday, November 4, 2025 at 12:42:23

Hi! I've run a test on my local environment and it would seem that wildcards are allowed on the

Hi Gastón, I am sending you screenshots of my configurations. In every place where I could put DLS, I

Any update? 4 Kasım 2025 Salı tarihinde saat 15:28:20 UTC+3 itibarıyla Ali Holmes şunları yazdı: This

Hello, Please review the attached file. I made use of your rules and it worked with little tweaks in

Hello, I understand that you want to configure email notification and I can see the configuration you

Hi Herca, I have created some sample rules for you based on these logs id=firewall time="2022-03

Hi Santhosh, I believe I have previously checked the presentation sent by one of your project mates,

Hi Nazmur, Please find the config files attached. -- Regards, SUBASH P | www.mafiree.com On Tue, Nov

Hi, Apologies for the late response. I have replicated this issue on my end and confirmed that it

Hi! The issue is that same_field doesn't trigger because the field path or value isn't

Hello Aayush, Your setup should work. Wazuh does not support SMTP authentication directly, so using

Hello, Thank you for your feedback and for your interest in the IT Hygiene → Identity module. We

Hi Gabriel, I understand that you cannot see the log. Could you share the ossec.log with me so I can

Dear Diego, I hope you're doing well. Apologies for my delayed response — I've been quite

Thank you a lot. Vào lúc 19:45:00 UTC+7 ngày Thứ Hai, 3 tháng 11, 2025, Franco Giovanolli đã viết: Hi

Hi Stuti, Thanks. On Monday, 3 November 2025 at 15:13:06 UTC+5:30 Stuti Gupta wrote: Hi CLK Yes, Alex

Hello Abdoulatif I work well thank you i just change the level 10 to 0. but all the rest is OK. Le

Hi Celeste, Please let me know if you've already created a custom dashboard and are not seeing

Hello. Yes, if you receive events that are going to be indexed in the same index as the data.data

Hi mujesh papadok The best approach to resolve this issue is to carefully review all configuration

Hi Perry, It sounds like you've made excellent progress already, especially with building your

Hi Paul, Glad to hear the fresh setup got everything running smoothly. On Friday, October 31, 2025 at

The warnings you're seeing indicate that the Wazuh agent's event buffer temporarily reached

Hello Devsec, To clarify, yes you are correct, the wazuh server stores the alert information,

Hello, Based on the log you shared, I feel the issue is from your script. From the response, I see

Hello, Then the previous rule I share does exactly that. <group name="custom test,">