Hi Henrique,
Thanks for use Wazuh!
Yes, you can clean up CIS information. First, you need to stop Wazuh manager. Then, check your agent ID, you can found this ID number on your
Wazuh GUI dashboard dropdown menu > Agents.
After that, you have to delete a few tables using
sqlite3 from your agent database. Follow the next commands:
systemctl stop wazuh-manager
sqlite3 /var/ossec/queue/db/"YOUR-AGENT-ID".db 'DELETE FROM sca_check';
sqlite3 /var/ossec/queue/db/"YOUR-AGENT-ID".db 'DELETE FROM sca_check_compliance';
sqlite3 /var/ossec/queue/db/"YOUR-AGENT-ID".db 'DELETE FROM sca_check_rules';
sqlite3 /var/ossec/queue/db/"YOUR-AGENT-ID".db 'DELETE FROM sca_policy';
sqlite3 /var/ossec/queue/db/"YOUR-AGENT-ID".db 'DELETE FROM sca_scan_info';
systemctl start wazuh-manager
Remember to change
"YOUR-AGENT-ID", and then start again your Wazuh manager. After that, you will see on your Wazuh GUI dashboard that your CIS data is clear. Now you can run a new CIS evaluation, here you have more information on CIS evaluation and intervals.
Regards,
Matías.