Auto deploy agent scripts

[Julián Lliteras]

I want to deploy agents scripts in the manager shared folder and then create active reponse with these scripts. I dont want deploy wazuh scripts out of his scope using GPOs or other deployment software. So I can make scripts on manager and create response all in-the-box. But I have a trouble, active response scripts must be in BIN folder, while config is replicated via shared so scripts cannot be executed. Is there any way to deploy scripts from manager only?

Greetings

Julian

[Diego Cappri]

Hi Julian. Unfortunately, Wazuh cannot deploy Active Response scripts from the manager to the agents. This is by design: the shared folder only synchronizes configuration, and executable scripts are intentionally not replicated for security reasons, Wazuh avoids automatically distributing code to agents to prevent the risk of unauthorized or malicious binaries being propagated across the environment. Because of that, all custom Active Response scripts must already exist on each agent under: active-response/bin/ and need to be deployed through an external mechanism (GPO, Ansible, SCCM, SSH/WinRM, or bundled inside a WPK upgrade).

Regards.

Diego.