Wazuh integration VirusTotal: Windows agent


Muhammad Akmalul Hakim Samsuri

Jul 13, 2022, 12:12:53 PM
to wa...@googlegroups.com, Technical OrenG Academy
Hello,

I want to integrate VirusTotal into Wazuh and use Windows as the agent, but I am facing a problem: nothing is triggered in the VirusTotal dashboard after unzipping malware inside the directory set in FIM. I have attached the files for the manager, local rules and agent here.

wazuh-agent.txt
local_rules.xml
wazuh-manager.txt

Matias Pereyra

Jul 13, 2022, 7:00:38 PM
to Wazuh mailing list
Hello!

Thank you for the configuration files provided, but I'm afraid I'll need more information to properly assist you.

We first need to determine whether the problem is when the alert is generated or when it is sent to the VirusTotal integration.
What Wazuh version are you using? Are the common FIM alerts working in that folder (new file, file modified, etc.)? What is the folder you're testing? What is the malware you've downloaded?

Have you followed the guide about VirusTotal in User manual/Capabilities/VirusTotal integration/How it works?

It would be important to upload the ossec.log and integration.log files of the manager to analyze them.
Also, I'm unable to download the local_rules.xml file you shared, could you please send it again?

Regards.

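The reply above splits the troubleshooting into two stages: is a FIM (syscheck) alert generated for the watched directory at all, and if so, does a VirusTotal alert follow it? The script below is an added example, not code from the thread or from the Wazuh project, that answers both questions from the manager's `alerts.json`. The alert field names and rule ids (550/554 for syscheck, 87104/87105 for the VirusTotal integration) are assumed from Wazuh's default ruleset and JSON alert format; the sample lines are constructed, and the file path, hashes and agent name in them are placeholders.

```python
"""Triage a Wazuh FIM -> VirusTotal pipeline that shows nothing in the VirusTotal dashboard.

Reads alerts.json lines and reports which stage is silent: syscheck alerts for the
watched directory, or VirusTotal integration alerts for the files in it.
"""
import json
from typing import Any, Dict, Iterable, List

# Constructed sample alerts in the shape of /var/ossec/logs/alerts/alerts.json.
# Field names and rule ids are assumed from Wazuh's default ruleset (not from the thread);
# paths, hashes and agent name are placeholders.
SAMPLE_ALERTS = [
    json.dumps({
        "timestamp": "2022-07-13T12:00:01.000+0800",
        "rule": {"id": "554", "level": 5, "description": "File added to the system.",
                 "groups": ["ossec", "syscheck", "syscheck_entry_added", "syscheck_file"]},
        "agent": {"id": "001", "name": "WIN-AGENT"},
        "syscheck": {"path": "c:\\malware_test\\sample.exe", "event": "added",
                     "md5_after": "00000000000000000000000000000000"},
    }),
    json.dumps({
        "timestamp": "2022-07-13T12:00:02.000+0800",
        "rule": {"id": "554", "level": 5, "description": "File added to the system.",
                 "groups": ["ossec", "syscheck", "syscheck_entry_added", "syscheck_file"]},
        "agent": {"id": "001", "name": "WIN-AGENT"},
        "syscheck": {"path": "c:\\malware_test\\eicar.com", "event": "added",
                     "md5_after": "11111111111111111111111111111111"},
    }),
    json.dumps({
        "timestamp": "2022-07-13T12:00:03.000+0800",
        "rule": {"id": "550", "level": 7, "description": "Integrity checksum changed.",
                 "groups": ["ossec", "syscheck", "syscheck_entry_modified", "syscheck_file"]},
        "agent": {"id": "001", "name": "WIN-AGENT"},
        "syscheck": {"path": "c:\\windows\\system32\\drivers\\etc\\hosts", "event": "modified"},
    }),
    json.dumps({
        "timestamp": "2022-07-13T12:00:05.000+0800",
        "rule": {"id": "87105", "level": 3, "groups": ["virustotal"],
                 "description": "VirusTotal: Alert - c:\\malware_test\\sample.exe - No positives found"},
        "data": {"integration": "virustotal",
                 "virustotal": {"found": 1, "positives": 0,
                                "source": {"file": "c:\\malware_test\\sample.exe", "alert_id": "placeholder"}}},
    }),
    json.dumps({
        "timestamp": "2022-07-13T12:00:06.000+0800",
        "rule": {"id": "87104", "level": 12, "groups": ["virustotal"],
                 "description": "VirusTotal: Alert - c:\\malware_test\\eicar.com - 60 engines detected this file"},
        "data": {"integration": "virustotal",
                 "virustotal": {"found": 1, "positives": 60,
                                "source": {"file": "c:\\malware_test\\eicar.com", "alert_id": "placeholder"}}},
    }),
]


def parse_alerts(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """Parse JSON alert lines, skipping blank or malformed ones (the last line of
    alerts.json can be truncated while the manager is still writing it)."""
    alerts: List[Dict[str, Any]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return alerts


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison: case-insensitive, backslashes only."""
    return path.replace("/", "\\").lower().rstrip("\\")


def under_dir(path: str, watched_dir: str) -> bool:
    """True when path is watched_dir itself or lies anywhere below it."""
    p, d = _norm(path), _norm(watched_dir)
    return p == d or p.startswith(d + "\\")


def fim_alerts_for(alerts: List[Dict[str, Any]], watched_dir: str) -> List[Dict[str, Any]]:
    """syscheck 'added'/'modified' alerts under watched_dir: the events that carry a
    file hash for the integration to look up."""
    out = []
    for a in alerts:
        groups = a.get("rule", {}).get("groups", [])
        sc = a.get("syscheck", {})
        if "syscheck" in groups and sc.get("event") in ("added", "modified") \
                and under_dir(sc.get("path", ""), watched_dir):
            out.append(a)
    return out


def virustotal_alerts_for(alerts: List[Dict[str, Any]], watched_dir: str) -> List[Dict[str, Any]]:
    """Integration alerts whose source file lies under watched_dir."""
    out = []
    for a in alerts:
        groups = a.get("rule", {}).get("groups", [])
        src = a.get("data", {}).get("virustotal", {}).get("source", {}).get("file", "")
        if "virustotal" in groups and under_dir(src, watched_dir):
            out.append(a)
    return out


# Where to look next for each silent stage, following the reply's two-stage split.
NEXT_STEP = {
    "no_fim_alert": "No syscheck alert for the directory: check the agent's <syscheck> "
                    "<directories> entry (realtime or scan interval) and the manager's ossec.log.",
    "no_vt_alert": "FIM alerts exist but no VirusTotal alert followed: check the manager's "
                   "<integration> block (group syscheck, JSON alert format) and integration.log.",
    "ok": "Both stages produced alerts; review 'positives' on the VirusTotal alerts.",
}


def triage(lines: Iterable[str], watched_dir: str) -> Dict[str, Any]:
    """Return counts per stage, the first silent stage, and files VirusTotal flagged."""
    alerts = parse_alerts(lines)
    fim = fim_alerts_for(alerts, watched_dir)
    vt = virustotal_alerts_for(alerts, watched_dir)
    stage = "no_fim_alert" if not fim else ("no_vt_alert" if not vt else "ok")
    flagged = [a["data"]["virustotal"]["source"]["file"] for a in vt
               if a["data"]["virustotal"].get("positives", 0) > 0]
    return {"fim_alerts": len(fim), "virustotal_alerts": len(vt), "stage": stage,
            "next_step": NEXT_STEP[stage], "flagged_files": flagged}


if __name__ == "__main__":
    # Against a live manager: triage(open("/var/ossec/logs/alerts/alerts.json"), r"c:\malware_test")
    print(json.dumps(triage(SAMPLE_ALERTS, "c:\\malware_test"), indent=2))
```

Run it against the real `alerts.json` with the directory from the agent's FIM configuration; a `no_fim_alert` result points at the agent side (the directory entry or scan timing), while `no_vt_alert` points at the manager's integration block and `integration.log`, which is exactly the split the reply asks to establish before going further.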