Wazuh | Mailing List

Please find the requested data below JSON { "_index": "wazuh-alerts-4.x-2026.05.23

Hi George, If you still need help with this, please feel free to share some sample logs. I'll

Muchas gracias, Luciano. Lo tengo instalado en una máquina virtual como prueba con dos agentes

Hi Stefan, Your diagnosis is correct. The issue is caused by a mapping collision between Fortigate

Hello, For a start, you only need the full_log section of the log you shared to test as this

Hi Farid, let me add the link to the official documentation, for your reference: https://

Hi John ! The ID's from agent's: For example, ID 3 is currently 112. Is there a way to remap

Hi Team, Wazuh has a built-in capability for file integrity monitoring. The Wazuh FIM module monitors

Hi gustavo, Thanks for the details. Is there any Wazuh documentation that explains how jq is used for

Hello John, A couple of things to check and fix before the next test run. 1. roles_mapping.yml —

Hello German, This behavior is related to current limitations in the Wazuh rules engine when

Hello, The easiest way to validate a rule is by using the wazuh-logtest engine on the manager. Run: /

Hi, The "database is locked" error (exit code 12) in the AWS module occurs when the SQLite

Hi, Before we can pinpoint the exact cause of the 2-6 hour log delay, we need to clarify whether this

Hi John, Worked perfectly thank you for the support. Regards Diwahar On Wednesday, May 20, 2026 at 10

Hi, Based on your requirement, I tried to replicate this on my end, and it seems that using the Wazuh

Hello, I tested it and it works fine now. Thank you for the clarification. I understand now why the

Hello, There are no problems with your setup. What you experience usually means, the actual traffic

Hi Max, Based on my findings, you can use the Wazuh module for Azure or the Wazuh module for

Hi, Once again, thank you. Let me try this out, and if I face any issues, I'll get back to you.

Hello Brenno, First, you can find the architecture and deployment recommendations in the

Hi, From the shared details, there does not seem to be any error on the agent side related to

Hi, Regarding the dynamic approach for user LLM usage detection, I shared another approach along with

The configurations look good to me. Wazuh does not trigger any alerts for the base level scan(for the

Hi, Thank you for raising this critical point. Analyzing component-level threats is an essential

Hello Megan, So I was able to reproduce the detection workflow, please see attached screenshots for

Hi Nazmur, It is working perfectly fine. Regards Diwahar On Thursday, May 7, 2026 at 7:19:45 PM UTC+5

Hi ekta I have created custom decoders for your sample logs. You can add these decoders to a custom

Hello Chandra, I was on vacation, hence my inability to respond. Please confirm if you are still

Hi Team, I would also like to know if there is any recommended whitelist of domains/endpoints