Hello,
I updated Wazuh to version 4.3.7, I saw that there was the CIS benchmark for Windows 11 21H2 included in the update. I tried to activate it by following the documentation here:
https://documentation.wazuh.com/current/user-manual/capabilities/sec-config-assessment/how-to-configure.html#how-to-share-policy-files-and-configuration-with-the-wazuh-agents
When I go, on wazuh, in SCA, then in CIS Benchmark for Windows 11 Enterprise (Release 21H2), it does not load and I have an error. (See screenshot)
I saw that the file cis_win11_enterprise.yml does not go up on the agent in ruleset/sca but it is well present in the shared folder.
So, I put in agent.conf:
  <sca>
   <policies>
    <policy enabled="yes">C:\Program Files (x86)\ossec-agent\shared\cis_win11_enterprise.yml</policy>
   </policies>
  </sca>In ossec.conf:
 <sca>
   <enabled>yes</enabled>
   <scan_on_start>yes</scan_on_start>
   <interval>12h</interval>
   <skip_nfs>yes</skip_nfs>
 </sca>Now I can see the Windows 11 SCA in Wazuh, but when I go to it I get an error:
The filter contains invalid charactersAnd when I click on Full view:
createError@https://<IP>/1/bundles/plugin/wazuh/wazuh.plugin.js:2:31654
settle@https://<IP>/1/bundles/plugin/wazuh/wazuh.plugin.js:8:15184
onloadend@https://<IP>/1/bundles/plugin/wazuh/wazuh.plugin.js:2:29453In api.log I find this:
2022/08/31 16:10:59 INFO: wazuh-wui <IP> "GET /sca/001" with parameters {"q": "policy_id=cis_win11_enterprise_21H2"} and body {} done in 0.062s: 200
2022/08/31 16:11:09 ERROR: Timeout executing API requestI increased the timeout in the wazuh configuration, but it doesn't change anything.
Wazuh 4.3.7 is installed on a Ubuntu 22.04 server and the agent is on a windows 11 PC.
Would you have an idea ?