Wazuh | Mailing List

Good morning, I am writing because I have enrolled a Debian machine in Wazuh and we are sending logs

Dear Wazuh Team I am having the issue with IT Hygiene where no data is being displayed. Could you

I want to deploy agents scripts in the manager shared folder and then create active reponse with

Hi, I'm working on a decoder for events from Hirschmann switches. I don't know what I'm

Hello Harihar, Do you know where do i get the Restored Virustotal files? I can't just reinstalled

Dear Md. Nazmur Sakib, As requested, I have checked the agent configuration and restarted the agent

Hi Community, I was trying to make a rule for Active Response, The Active Response works fine. This

Hi Reinstall Wazuh from sources and perform the following to include GeoLite2 database: Install

Perfect. Let's take a deeper look into your environment. Verify that the Wazuh manager is

Wazuh has official documentation for integrating Suricata: Network IDS integration. I've reviewed

Hello, You can integrate MISP to coress check your data from the alerts with MISP IOCs once the

Hi Carlos, Sorry for not mentioning earlier – our Wazuh version is 4.14. Kind regards, Jaswanth On

Hi Nikolay You can check the status of the processes of wazuh, Based on what we see, you should have

As we couldn't resolve the issue, we performed a backup of the server (hopefully we have this

Ah I see, There's a conflict. Now it's all correct. Thanks a lot Marcus. Regards, Bayu

Hi Lucas, You can create a custom rule that using a parent rule 40101. To ignore alerts for specific

Hello, I"m working with MAx, then let me give you more details. 1/ It is not related to Alerts (

Hello Stefanny, The rules should look like this <group name="windows,logon_unusual_detection,

Jonathan, To archive the logs, you need to enable the archiving following this guide: https://

Hi Vanderson, It's hard to tell by just seeing this error. But you can enable the debug mode and

Are these agents on user workstations that shutdown at the end of the workday? The user can indeed

Done The problem was the flag <smtp_server>smtp-server.com </smtp_server> over ossec.conf

Hi Joaquim, Thank you for your question. Wazuh provides internal statistics, such as remoted.

Agents use an in-memory leaky bucket buffer to hold events temporarily when the manager is

Hi MaP, The issue you mentioned does not appear to be related to your current problem. If you can run

Wazuh version 4.12.0 Component Wazuh manager Install type Manager Install method Docker Compose (

Thanks for the reply Nahuel. But I'm still confused. What do you mean by “our own custom

Dom, I was not able to find a sample event either. Let us know as soon as you get hold of one so we

Thanks .. it worked On Wednesday, November 26, 2025 at 11:04:30 PM UTC+5:30 Mauricio Aguilar wrote:

Hi, Using the shared sample log, I am unable to test it in the Wazuh Logtest tool because it does not