Wazuh 4.8 - Vulnerability Dashboard doesn't exist
38 views
Skip to first unread message
Jaime
Jul 2, 2024, 10:15:48 AM (17 hours ago) Jul 2
to Wazuh | Mailing List
Hi,
After making a clean installation of the wazuh server to 4.8.0, I don't know why the vulnerability module doesn't work. I have wazuh on a docker container
My server ossec.conf has the following:
```
<vulnerability-detection>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://0.0.0.0:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/filebeat.pem</certificate>
<key>/etc/filebeat/certs/filebeat-key.pem</key>
</ssl>
</indexer>
<enabled>yes</enabled>
<index-status>yes</index-status>
<feed-update-interval>60m</feed-update-interval>
</vulnerability-detection>
<indexer>
<enabled>yes</enabled>
<hosts>
<host>https://0.0.0.0:9200</host>
</hosts>
<ssl>
<certificate_authorities>
<ca>/etc/filebeat/certs/root-ca.pem</ca>
</certificate_authorities>
<certificate>/etc/filebeat/certs/filebeat.pem</certificate>
<key>/etc/filebeat/certs/filebeat-key.pem</key>
</ssl>
</indexer>
```
and the agents have this, as it marks the docs:
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
<synchronization>
<max_eps>10</max_eps>
</synchronization>
</wodle>
<!-- System inventory -->
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<scan_on_start>yes</scan_on_start>
<hardware>yes</hardware>
<os>yes</os>
<network>yes</network>
<packages>yes</packages>
<ports all="no">yes</ports>
<processes>yes</processes>
<synchronization>
<max_eps>10</max_eps>
</synchronization>
</wodle>
Logs say the following:
bash-5.2# cat /var/ossec/logs/ossec.log | grep vulnerability
2024/07/02 07:20:49 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::initEventDispatcher: Empty OS data from Wazuh-DB (agent 829).
2024/07/02 09:43:13 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2024/07/02 09:43:24 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 09:46:44 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2024/07/02 09:47:07 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 09:56:45 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/02 11:31:31 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:35:06 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:44:58 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:56:15 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/02 13:17:05 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 13:28:30 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
bash-5.2# cat /var/ossec/logs/ossec.log | grep vulnerability
2024/07/02 07:20:49 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade::initEventDispatcher: Empty OS data from Wazuh-DB (agent 829).
2024/07/02 09:43:13 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2024/07/02 09:43:24 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 09:46:44 wazuh-modulesd:vulnerability-scanner: INFO: Stopping vulnerability_scanner module.
2024/07/02 09:47:07 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 09:56:45 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/02 11:31:31 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:35:06 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:44:58 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 11:56:15 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
2024/07/02 13:17:05 wazuh-modulesd:vulnerability-scanner: INFO: Starting vulnerability_scanner module.
2024/07/02 13:28:30 wazuh-modulesd:vulnerability-scanner: INFO: Vulnerability scanner module started
bash-5.2# cat /var/ossec/logs/ossec.log | grep indexer-connector
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '278' with the indexer.
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '475' with the indexer.
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '278' with the indexer.
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '475' with the indexer.
.......
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '794' with the indexer.
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '208' with the indexer.
2024/07/02 09:56:43 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
2024/07/02 11:56:14 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
2024/07/02 13:28:29 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
Any help pls?
2024/07/02 09:43:13 indexer-connector: WARNING: Failed to sync agent '208' with the indexer.
2024/07/02 09:56:43 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
2024/07/02 11:56:14 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
2024/07/02 13:28:29 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-wazuh-mgr.sonoc.io', retrying until the connection is successful.
Any help pls?
Marcos Darío Buslaiman
Jul 2, 2024, 11:08:54 AM (16 hours ago) Jul 2
to Wazuh | Mailing List
Hi Jaime,
I will verify this according to the information that you shared.
In the meantime, could you please execute the following verification to check the index status and health?
On Menu select Index Management --> Dev Tools.
GET _cat/indices/*vulnera*?v
GET _cluster/health
GET _cluster/health
Jaime
Jul 2, 2024, 11:33:45 AM (16 hours ago) Jul 2
to Wazuh | Mailing List
Jaime
Jul 2, 2024, 11:34:33 AM (16 hours ago) Jul 2
to Wazuh | Mailing List
I have it on a single node installation, if it helps
Marcos Darío Buslaiman
Jul 2, 2024, 1:55:08 PM (14 hours ago) Jul 2
to Wazuh | Mailing List
Hi Jaime,
You are executing this in the Wazuh API console; we need to check these requests on the Wazuh Indexer API. (it has the same name, "Dev tools")
Reply all
Reply to author
Forward
0 new messages