Vulnerabilities Dashboard
1,459 views
Skip to first unread message
Mohd Imran
Jun 21, 2022, 9:51:46 PM6/21/22
to Wazuh mailing list
Hi
i got some question regarding vulnerabilities detection
1)
is there a way to show Vulnerabilities Dashboard for overall agents (overall view). after i upgraded to 4.3.4 the overall dahsboard is not showing anything except to select agent like below picture
but if i go the specific agent, it can show that particular vulnerabilities
2) after ugrading to 4.3.4, the latest scan doesnt detect already detected vulnerability in the events tab. for example before upgrading, every scheduled scan shows the vulnerabilities but after upgrade new scan doesnt show the update
pic below: after ugpgrade show last detect on 20th june (last scanned was today 22th) june
pic below : before upgrade
appreciate the feedback
thank you
Aditya Sharma
Jun 21, 2022, 11:02:57 PM6/21/22
to Wazuh mailing list
Hi Imran, Thanks for using Wazuh!
Let me explain to you how the Vulnerabilities work now:
Let me explain to you how the Vulnerabilities work now:
Vulnerability data is now managed through the vulnerability detector module on a per-agent basis. Three new panels have been added to the Inventory tab:
- Severity: visualization
- Details: stats
- Summary: visualization with selector by field
The vulnerabilities dashboard was not showing information correctly. In addition, Wazuh 4.3 went through some changes, and data related to vulnerabilities is stored in the WazuhDB. Queries for multiple agents are not supported so it's not possible to build a dashboard and reports for multiple agents.
We are also working on redesigning Vulnerabilities and for that we will let you know asap. But for now we have workaround also to see that data correctly below:
You can query the events for all agents with he following
filters:rule.groups: vulnerability-detector
data.vulnerability.status: Active
We are also working on redesigning Vulnerabilities and for that we will let you know asap. But for now we have workaround also to see that data correctly below:
You can query the events for all agents with he following
filters:rule.groups: vulnerability-detector
data.vulnerability.status: Active
With those two filters you should be able to see all active vulnerabilities in all endpoints. The security events dashboard can give you a similar functionality as the old vulnerability dashboard. 
I hope this helps you. Don't hesitate to ask your questions/concerns. We are very happy to help you.
Regards
Aditya Sharma
I hope this helps you. Don't hesitate to ask your questions/concerns. We are very happy to help you.
Regards
Aditya Sharma
Mohd Imran
Jun 26, 2022, 10:51:54 PM6/26/22
to Wazuh mailing list
many thanks for the reply. cant wait for the next feature update.
Reply all
Reply to author
Forward
0 new messages