Excluding a single agent from VirusTotal checks


toddehb

Oct 25, 2023, 5:06:58 AM
to Wazuh | Mailing List
Hi,

I am using the free version of VirusTotal, which is limiting me to a certain amount of checks a day. The whole Wazuh setup is in my homelab and there I got 1 machine, which is running pihole. This single machine is consuming 90% of the VirusTotal checks. I want to exclude that agent from using VirusTotal checks. Could that be possible?

cheers, toddehb

Oluwaseyi Soneye

Oct 25, 2023, 5:30:31 AM
to Wazuh | Mailing List
Hello @toddehb,

The VirusTotal integration works in collaboration with the Wazuh FIM module (More information here - https://documentation.wazuh.com/current/user-manual/capabilities/malware-detection/virus-total-integration.html). It uses the VirusTotal API to detect malicious content within the files and directories monitored by the File Integrity Monitoring capability of Wazuh.

You can stop VirusTotal from running scans by disabling FIM on the agent. To do this, modify the following configuration in the /var/ossec/etc/ossec.conf file:
<syscheck>
  ...
  <disabled>yes</disabled>
  ...
</syscheck>
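
Added example, not part of the thread and not Wazuh project code: because the VirusTotal integration is driven by FIM alerts, tallying those alerts per agent shows which agent is using up the daily lookup quota before anything is disabled. It assumes the manager's JSON alert log (one JSON object per line) and an integration that forwards alerts whose rule groups include `syscheck`; the sample lines, agent names and function names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of the manager's alerts.json (one alert per line).
SAMPLE_ALERTS = """\
{"agent": {"id": "001", "name": "pihole"}, "rule": {"id": "550", "groups": ["ossec", "syscheck"]}, "syscheck": {"path": "/etc/pihole/gravity.db", "event": "modified"}}
{"agent": {"id": "001", "name": "pihole"}, "rule": {"id": "550", "groups": ["ossec", "syscheck"]}, "syscheck": {"path": "/etc/pihole/pihole-FTL.db", "event": "modified"}}
{"agent": {"id": "001", "name": "pihole"}, "rule": {"id": "554", "groups": ["ossec", "syscheck"]}, "syscheck": {"path": "/etc/pihole/list.1.tmp", "event": "added"}}
{"agent": {"id": "001", "name": "pihole"}, "rule": {"id": "550", "groups": ["ossec", "syscheck"]}, "syscheck": {"path": "/etc/pihole/gravity.db", "event": "modified"}}
{"agent": {"id": "002", "name": "nas"}, "rule": {"id": "550", "groups": ["ossec", "syscheck"]}, "syscheck": {"path": "/etc/exports", "event": "modified"}}
{"agent": {"id": "002", "name": "nas"}, "rule": {"id": "5715", "groups": ["syslog", "sshd"]}}
{"agent": {"id": "002", "name": "nas"}, "rule": {"id": "550", "gro
"""

def fim_alerts_per_agent(lines, group="syscheck"):
    """Count alerts per agent whose rule groups contain `group`."""
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a line truncated by log rotation or a partial write
        if group in alert.get("rule", {}).get("groups", []):
            counts[alert.get("agent", {}).get("name", "unknown")] += 1
    return counts

def quota_share(counts):
    """Return each agent's percentage of the counted alerts, largest first."""
    total = sum(counts.values())
    if total == 0:
        return {}
    return {name: round(100 * n / total, 1) for name, n in counts.most_common()}

if __name__ == "__main__":
    # To analyse a real log, pass an open file object instead of the sample.
    counts = fim_alerts_per_agent(SAMPLE_ALERTS.splitlines())
    for name, pct in quota_share(counts).items():
        print(f"{name}: {counts[name]} FIM alerts ({pct}% of forwarded alerts)")
```

The monitored paths that dominate the tally for the noisy agent are the ones generating the lookups.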

toddehb

Oct 25, 2023, 5:39:30 AM
to Wazuh | Mailing List
Ok, but I don't like to disable FIM completely. Is that the only way?

toddehb

Nov 17, 2023, 11:25:29 AM
to Wazuh | Mailing List
Any response?