Wazuh | Mailing List

Hey Robby, Hi, I have recently setup the wazuh and normally in any siem there will be a tab of alerts

I do to implement the Cleartext Credential Exposure use case using Wazuh: Detect passwords stored in

Hi Team, If the <file_limit> has been increased to 2500000 and the kernel parameter fs.inotify.

Hello Brenno, First you need to identify where the login alerts are coming from so you can make

Hi DIWAHAR, Thanks for the details. I am going to replicate this behavior and will share an update

Hello Chi Bùi Quỳnh To answer your questions: Which approach is more suitable and scalable for this

It is not possible to make the same report. But you can make a similar custom dashboard for Threat

Thanks for the details . No more assistance required. On Monday, January 5, 2026 at 3:16:34 PM UTC+5:

Dear Tatavolu, Your GET _cluster/settings output shows a persistent cluster block and may be the

Hi, My system is an AlmaLinux 9.7 (fully patched as today) I'll check the article later but just

Jose Cintron 11:25 AM (Hello Nazmur Thanks for the information and the pointers to the documentation

Hi, I have already gone through the decoder file you shared, and I provided the updated decoder file

Hi Paul. Could you share the pod configuration you are using to replicate the scenario you are trying

When you answer this mail make sure to click on the "reply to all", this way all the users

George, I'm not 100% positive of the cause of the issue, but the json decoder is implemented in

Dear Bony V John, thank you very much. It works for me.Thank you very much. Il giorno lunedì 5

Hello, To help other community users benefit from the troubleshooting process, please reply to all in

Hi, Thank you for the confirmation. Based on what you've described, the migration looks

Hello Mefisto, The issue you are experiencing is due to character encoding problems when matching the

Hello Raju, Further to my earlier message, please update the Wazuh Indexer username and password in

Hi Sumit The rebranding requests involve additional technical considerations that are important to

Hi , For the test i have set wazuh_modules.debug=2 in /var/ossec/etc/local_options.conf. The command

Hello Junior, I am glad the decoders and rule worked for you. In response to your second question,

Notice: The custom rule described above can be set by either overwriting the original rule or by

Hi M Mun, Following up on my previous answer, I wanted to share some additional context on why this

Please run the following command at Indexer Management > Dev Tools : GET /_cat/templates?v GET /

Hi Abdulrazack Unfortunately, the information provided so far is not sufficient to identify the root

Hi, Based on your requirement, I created a sample PowerShell script that downloads the required

Hi Yap, I have simplified the decoders as shown below. I noticed that all logs up to 1/5/2026 10:33:

Hi Team, It's working now. Thanks for the support. On Tue, Dec 23, 2025 at 10:17 PM '