Wazuh | Mailing List

I am trying to automate SOC processes using Shuffle, and for this purpose I am using webhooks and the

Hello Again, issue was fixed after restart these services: root@wazuh:/var/ossec/etc# /var/ossec/bin/

Symantec has three types of syslog, and I tried them. Here is an example of each: RFC 5424 with

Hi Amin, You should use the App Role value, not the display name. regards, On Monday, January 12,

Notice: The custom rule described above can be set by either overwriting the original rule or by

Hi, While configuring FIM to scan a few NFS volumes, the FIM database gets created as expected.

Hi Team, We have enabled Syscheck/FIM monitoring for NFS filesystems with realtime=no and have been

Hi Muhammad Ali You need to do all these steps to resolve the storage issue. First, start by deleting

Hello, Thank you for your help! The logs now show up in archives.log, but they are not in the

Hi, it seems the problem could be difficult to debug if this is not reproducible in a consistent way.

You can upgrade your agent's to get the updated policies after the update. But please keep in

Hello Thank you for your reply. I'm beginner to Amazon linux 2023, can you please kindly let me

Hi Hasitha, Is there any way we can get this wazuh alert dashboard on wazuh? As the plugin you stated

Hi, Based on your questions, please find the recommendations below. For tuning the Wazuh server to

Hi Jack, You can share the SCA yml policy file from the manager to the agent's endpoints and use

Hello! Thanks for the quick reply. 1. root@indexer:/home/oib_user# systemctl status wazuh-indexer ●

Hi, If you want a specific rule description when the location field value is /var/prod-prod, you need

Hello jackma...@gmail.com Yes, this approach is valid and it fits well with Wazuh capabilities.

Hi Scope the correlation to the agent/location by adding <same_location /> to each “high usage”

Hi Brenno, The recommended approach to create data visualizations for alert data is to use the Custom

Hi Muhammad, I will forward your question to the Indexer team and get back to you as soon as possible

Hello Chi Bùi Quỳnh To add: I have the same exact setup for over 1 year now with double the VMs you

Hi Mohand, this is the official documentation for backup/restore: https://documentation.wazuh.com/

Hi Bony, We are still waiting for your support to complete the YARA integration.Please let us know

Hi, Thankyou for the suggestions, currently the replicas are already set to 0. I have deleted

everything look like this but still no vulnerability is showing <vulnerability-detection> <

This issue could be related to the operating system. While AlmaLinux is officially supported for the

Hello, I figured out the problem. On worker node wazuh-analysisd not running... Apparently, the agent

Hi Rahul, Your configuration appears to be correct, as outlined here: To check if log duplication is

Thanks, Himanshu. This helped a lot. As a follow-up to the above questions (sorry to piggyback on the