MITRE ATT&CK


Anastasia Bataeva

Oct 15, 2025, 2:39:26 AM
to Wazuh | Mailing List
Good afternoon. Help please. MITRE ATT&CK is not working. An error is returned (shown in the screenshot). There are no dashboards. There is also a problem with vulnerability detection (none at all). There have been no events for a very long time. What could be the reason for this?
w1.PNG

Carlos Anguita López

Oct 15, 2025, 4:42:21 AM
to Wazuh | Mailing List
Hello, could you please answer the following questions?
Which version of Wazuh have you installed?
What type of installation did you do, all-in-one or distributed?
What installation method did you follow?
And finally, could you share the ossec.log so we can look for information that might tell us why it is failing?
Finally, here is the documentation about the MITRE ATTACK module: documentation.wazuh.com/current/user-manual/ruleset/mitre.html#mitre-att-ck-framework

Anastasia Bataeva

Oct 15, 2025, 7:20:16 AM
to Wazuh | Mailing List
1. WAZUH_VERSION="v4.12.0"
2. distributed
3. installation on the server and distribution to agents
4. cat /var/ossec/logs/ossec.log
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-monitord: INFO: Starting new log after rotation.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
The output is very large, a fragment is attached. The problem is that initially everything worked, but at a certain point it stopped.


Wednesday, October 15, 2025 at 15:42:21 UTC+7, Carlos Anguita López:


Carlos Anguita López

Oct 15, 2025, 11:40:10 AM
to Wazuh | Mailing List

Hello,

It is important that you share more content from ossec.log as I need to see the error you are getting.
You should see an error like this:

wazuh-db: ERROR: Can't open SQLite database ‘var/db/mitre.db’: unable to open database file

Please check that this file exists: ls -lha /var/ossec/var/db
If it exists, try the following using sqlite and share the output, please:

# sqlite3 /var/ossec/var/db/mitre.db
sqlite> .tables
sqlite> SELECT * FROM tactic;
sqlite> SELECT * FROM technique;
sqlite> SELECT * FROM platform;
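
A read-only version of the checks requested above, as an added example that is not part of the thread or Wazuh's own tooling: it collapses the repeated analysisd warnings into distinct technique IDs, then confirms that mitre.db opens, passes SQLite's integrity check, contains the three tables queried above, and holds each ID in some column. The function names and the any-column search are choices of this example; no column names in mitre.db are assumed.

```python
import re
import sqlite3
from collections import Counter
from pathlib import Path

# Warning format taken from the ossec.log excerpt in the thread.
WARN_RE = re.compile(r"wazuh-analysisd: WARNING: Mitre Technique ID '([^']+)' not found in database")
EXPECTED_TABLES = ("tactic", "technique", "platform")  # tables queried in the thread

# Lines copied from the thread's excerpt, used as sample input.
SAMPLE_LOG = """\
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
2025/10/15 04:48:09 wazuh-monitord: INFO: Starting new log after rotation.
2025/10/15 04:48:09 wazuh-analysisd: WARNING: Mitre Technique ID 'T1078' not found in database.
""".splitlines()


def missing_technique_ids(log_lines):
    """Collapse repeated warnings into a count per technique ID."""
    hits = (WARN_RE.search(line) for line in log_lines)
    return Counter(m.group(1) for m in hits if m)


def inspect_mitre_db(path, technique_ids=()):
    """Read-only check of mitre.db; assumes nothing about column names."""
    db = Path(path)
    report = {"exists": db.is_file(), "integrity": None, "rows": {}, "found": {}}
    if not report["exists"]:
        return report
    # mode=ro: never create or modify the file that wazuh-db owns.
    con = sqlite3.connect(db.resolve().as_uri() + "?mode=ro", uri=True)
    try:
        report["integrity"] = con.execute("PRAGMA integrity_check").fetchone()[0]
        tables = [r[0] for r in con.execute("SELECT name FROM sqlite_master WHERE type='table'")]
        for name in EXPECTED_TABLES:
            present = name in tables
            report["rows"][name] = con.execute(f'SELECT COUNT(*) FROM "{name}"').fetchone()[0] if present else None
        for tid in technique_ids:  # exact match against any column of any table
            report["found"][tid] = any(tid in row for t in tables for row in con.execute(f'SELECT * FROM "{t}"'))
    except sqlite3.DatabaseError as exc:  # e.g. truncated or non-SQLite file
        report["integrity"] = f"error: {exc}"
    finally:
        con.close()
    return report


if __name__ == "__main__":
    missing = missing_technique_ids(SAMPLE_LOG)
    print(missing)
    print(inspect_mitre_db("/var/ossec/var/db/mitre.db", missing))
```

A row count of `None` means the table is absent, and `found` being `False` for an ID that the log reports as missing points at the database contents rather than at the rule that references it.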