Wazuh | Mailing List

Wazuh and Sysmon are two different products. You can have both installed without any issues. In fact,

It's a system index, so you can't modify directly from the dashboard. Run the following

In your agent.conf(agent group configuration), I can see this configuration. <alert_new_files>

Hi Johny, You are completely correct in your observation. The condition field (eg, "Package less

I still have the same error root@ubuntu-wazuh:/var/ossec/integrations# ls -l total 76 -rwxr-x--- 1

Hello Paul, Thanks for reporting this. To help you best, I need a little more context about your

Hello Yartax, To clarify your statement, are you saying that you installed rsyslog directly on the

Thanks for sharing your thoughts, I totally understand your point. Having the manager deploy scripts

Hello devs, I believe you need to expand the scope of your current rule setup to correlate events for

Thank you for the information. I'm going to request more details: 1: I need you to share the OS

Hello, Auditd can generate multiple records for a single action, especially when a syscall triggers

Hello Yogi, Please try the rule below and let me know if it works for you. <rule id="11000

Excellent Bayu!! On Sunday, November 30, 2025 at 2:54:12 AM UTC-3 Bayu Sangkaya wrote: Ah I see,

Dear Wazuh Team I am having the issue with IT Hygiene where no data is being displayed. Could you

Hi, I'm working on a decoder for events from Hirschmann switches. I don't know what I'm

Hi Reinstall Wazuh from sources and perform the following to include GeoLite2 database: Install

Perfect. Let's take a deeper look into your environment. Verify that the Wazuh manager is

Hello, You can integrate MISP to coress check your data from the alerts with MISP IOCs once the

Hi Nikolay You can check the status of the processes of wazuh, Based on what we see, you should have

As we couldn't resolve the issue, we performed a backup of the server (hopefully we have this

Hi Lucas, You can create a custom rule that using a parent rule 40101. To ignore alerts for specific

Hello, I"m working with MAx, then let me give you more details. 1/ It is not related to Alerts (

Hello Stefanny, The rules should look like this <group name="windows,logon_unusual_detection,

Jonathan, To archive the logs, you need to enable the archiving following this guide: https://

Hi Vanderson, It's hard to tell by just seeing this error. But you can enable the debug mode and

Are these agents on user workstations that shutdown at the end of the workday? The user can indeed

Done The problem was the flag <smtp_server>smtp-server.com </smtp_server> over ossec.conf

Hi Joaquim, Thank you for your question. Wazuh provides internal statistics, such as remoted.

Agents use an in-memory leaky bucket buffer to hold events temporarily when the manager is

Hi MaP, The issue you mentioned does not appear to be related to your current problem. If you can run