MITRE and Security events empty


MajorFudge

Oct 26, 2023, 9:51:40 AM
to Wazuh | Mailing List
Hello team,
I'm running Wazuh v4.4.4.
I have enrolled several agents and I receive a lot of logs and alerts according to the rules.
But when I try to check MITRE ATT&CK events, it is completely empty.

Here is a screenshot from Wazuh >> <Agent name> >>  MITRE ATT&CK >> Dashboards:
Screenshot 2023-10-26 at 15.41.45.png

The same thing with Wazuh >> <Agent name> >> MITRE ATT&CK >> Events.
Screenshot 2023-10-26 at 15.43.09.png

Is it the correct way to implement MITRE check ups?

Also I don't see anything from the Wazuh >> <Agent name> >> Security events:
Screenshot 2023-10-26 at 15.44.07.png

Connectivity with agent is OK:
Screenshot 2023-10-26 at 15.47.39.png

Kevin Ledesma

Oct 26, 2023, 11:21:04 AM
to Wazuh | Mailing List
Hello! 

First of all, thanks for all the info about your system. 
Well, everything seems to be OK, so have you tried to get a MITRE event as in this documentation example?
(You can also check the blog post -> Emulation of ATT&CK techniques and detection with Wazuh.)

You are probably not able to see any MITRE alerts because, so far, no event has matched it (the rules that raise a MITRE event must have the <mitre> tag in their body).

I hope my answer is helpful!
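
An added example, not part of the original thread and not Wazuh's own code: one way to check the point made in the reply above, by listing which rules carry a `<mitre>` block and counting how many alerts actually include a MITRE mapping. The rule IDs, agent name and alert lines are constructed samples, and the sketch assumes alerts expose the mapping as `rule.mitre.id`, one JSON object per line as in `alerts.json`.

```python
import json
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the Wazuh rule format; IDs and descriptions are made up.
SAMPLE_RULES = """
<group name="local,sshd,">
  <rule id="100100" level="5">
    <description>Constructed rule: failed SSH login</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
  <rule id="100101" level="3">
    <description>Constructed rule: session opened</description>
  </rule>
</group>
"""

# Constructed alerts in the shape of alerts.json (one JSON object per line).
SAMPLE_ALERTS = [
    '{"agent": {"name": "web01"}, "rule": {"id": "100100", "level": 5, "mitre": {"id": ["T1110"]}}}',
    '{"agent": {"name": "web01"}, "rule": {"id": "100101", "level": 3}}',
    '{"agent": {"name": "web01"}, "rule": {"id": "100101", "level": 3}}',
]

def mitre_ids_by_rule(rules_xml):
    """Map rule id -> technique IDs from its <mitre> block (empty list if none)."""
    # Rule files can hold several top-level <group> elements, so wrap them in one root.
    root = ET.fromstring("<rules>" + rules_xml + "</rules>")
    return {
        rule.get("id"): [i.text.strip() for i in rule.findall("./mitre/id") if i.text]
        for rule in root.iter("rule")
    }

def summarize_alerts(alert_lines):
    """Return (alerts carrying rule.mitre.id, {rule id: count} for alerts without it)."""
    tagged, untagged = 0, Counter()
    for line in alert_lines:
        rule = json.loads(line).get("rule", {})
        if rule.get("mitre", {}).get("id"):
            tagged += 1
        else:
            untagged[rule.get("id")] += 1
    return tagged, dict(untagged)

if __name__ == "__main__":
    print(mitre_ids_by_rule(SAMPLE_RULES))
    print(summarize_alerts(SAMPLE_ALERTS))
```

If every alert lands in the second group, the MITRE ATT&CK views have nothing to show, even though the agents are reporting and alerts are being generated.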