Vulnerability detection


Romain Hennebois

Sep 10, 2024, 9:29:41 AM
to Wazuh | Mailing List
Hi guys,


I need help with vulnerability detection and webhook integration.

I am currently using Wazuh 4.9.0. Everything is working fine except vulnerability detection events. It shows "No results match your search criteria", but the vulnerability detection dashboard shows data, and so does the inventory. What can I do to fix this? (See screenshot.)


For webhook integration it was working fine but since some updates it doesn't work anymore. What can I do to fix this? (See screenshot)
vulnerability detection events.png
webhook.png

Othniel Ebolum

Sep 10, 2024, 1:57:18 PM
to Wazuh | Mailing List
Hello Romain, 

Kindly go through the How it Works guide for the vulnerability detection module and see how alerts are generated for vulnerabilities. From the screenshot you shared, I can see that you have no specific agent in view. Click on Explore Agents and choose any of your online monitored agents to see if alerts are displayed.

For the webhook integration, I would request that you test with another tag, as I see in your configuration it is collecting from the vulnerability detector, which we have seen doesn't have any alerts generated. For us to confirm it is working as it should, kindly test with something else. I'd like you to please reference this guide for assistance.

Best Regards, 

Heverton Muller

Sep 11, 2024, 12:33:51 AM
to Wazuh | Mailing List
Hello, my vulnerability Management module is stuck since the 4.8 update.



When I run cat /var/ossec/logs/ossec.log | grep -i -E "error|warn"


2024/09/10 03:30:21 wazuh-remoted: WARNING: Agent key already in use: agent ID '084'
2024/09/10 03:30:31 wazuh-remoted: WARNING: Agent key already in use: agent ID '084'
2024/09/10 04:30:26 wazuh-remoted: WARNING: Agent key already in use: agent ID '039'
2024/09/10 04:30:37 wazuh-remoted: WARNING: Agent key already in use: agent ID '039'
2024/09/10 10:09:31 wazuh-remoted: ERROR: IP address family '0': 'AF_UNSPEC' not supported.
2024/09/10 10:09:32 wazuh-remoted: WARNING: Package dropped. Could not append data into buffer.
2024/09/10 10:09:32 wazuh-remoted: WARNING: Package dropped. Could not append data into buffer.
2024/09/10 10:15:01 wazuh-authd: WARNING: Duplicate name 'RG2SRV0114', rejecting enrollment. Agent '035' can't be replaced since it is not disconnected.
2024/09/10 10:15:01 wazuh-authd: WARNING: Duplicate name 'RG2SRV0488', rejecting enrollment. Agent '169' can't be replaced since it is not disconnected.
2024/09/10 10:15:01 wazuh-authd: WARNING: Duplicate name 'RG2SRV0015', rejecting enrollment. Agent '069' can't be replaced since it is not disconnected.
2024/09/10 10:15:06 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-rg2srv0469', retrying until the connection is successful.
2024/09/10 10:15:06 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade :: start: Failed to open RocksDB database. Reason: While opening a file for sequentially reading: queue/vd/event/MANIFEST-000005: No such file or directory.
2024/09/10 10:19:19 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-rg2srv0469', retrying until the connection is successful.
2024/09/10 10:19:19 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade :: start: Failed to open RocksDB database. Reason: While opening a file for sequentially reading: queue/vd/event/MANIFEST-000005: No such file or directory.


Can someone help me, please? Thank you.
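
A triage sketch for output like the excerpt in the message above, added here as an example and not part of the original post or of Wazuh itself: it groups WARNING/ERROR lines from ossec.log by component and normalized message, so the repeating vulnerability-scanner failure stands apart from the enrollment and key-reuse warnings. The sample log is constructed from lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Layout of the lines quoted above: "YYYY/MM/DD HH:MM:SS component: LEVEL: message".
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (\S+?): (WARNING|ERROR|CRITICAL): (.*)$"
)
# Quoted identifiers (agent IDs, host names, index names) differ between repeats.
QUOTED_RE = re.compile(r"'[\w.-]+'")

# Constructed sample, modelled on the excerpt in the post (wrapped lines rejoined).
SAMPLE_LOG = """\
2024/09/10 03:30:21 wazuh-remoted: WARNING: Agent key already in use: agent ID '084'
2024/09/10 04:30:26 wazuh-remoted: WARNING: Agent key already in use: agent ID '039'
2024/09/10 10:09:31 wazuh-remoted: ERROR: IP address family '0': 'AF_UNSPEC' not supported.
2024/09/10 10:15:01 wazuh-authd: WARNING: Duplicate name 'RG2SRV0114', rejecting enrollment. Agent '035' can't be replaced since it is not disconnected.
2024/09/10 10:15:01 wazuh-authd: WARNING: Duplicate name 'RG2SRV0488', rejecting enrollment. Agent '169' can't be replaced since it is not disconnected.
2024/09/10 10:15:06 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-rg2srv0469', retrying until the connection is successful.
2024/09/10 10:15:06 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade :: start: Failed to open RocksDB database. Reason: While opening a file for sequentially reading: queue/vd/event/MANIFEST-000005: No such file or directory.
2024/09/10 10:19:19 indexer-connector: WARNING: IndexerConnector initialization failed for index 'wazuh-states-vulnerabilities-rg2srv0469', retrying until the connection is successful.
2024/09/10 10:19:19 wazuh-modulesd:vulnerability-scanner: ERROR: VulnerabilityScannerFacade :: start: Failed to open RocksDB database. Reason: While opening a file for sequentially reading: queue/vd/event/MANIFEST-000005: No such file or directory.
"""

def summarize(log_text):
    """Group WARNING/ERROR lines by (component, level, normalized message)."""
    groups = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # INFO/DEBUG lines and wrapped fragments are skipped
        ts, component, level, msg = m.groups()
        key = (component, level, QUOTED_RE.sub("'*'", msg))
        entry = groups.setdefault(key, {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        entry["last"] = ts
    return groups

def for_component(groups, name):
    """Return only the groups whose component contains `name`."""
    return {k: v for k, v in groups.items() if name in k[0]}

if __name__ == "__main__":
    for (component, level, msg), e in summarize(SAMPLE_LOG).items():
        print(f"{e['count']:>3}x {level:<8} {component}: {msg[:90]}")
        print(f"     first {e['first']}  last {e['last']}")
```
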

Romain Hennebois

Sep 11, 2024, 3:52:43 AM
to Wazuh | Mailing List
I've tried to do it agent by agent but I also get no logs and the same message.
For the webhook, it works if I don't specify vulnerability detector but I need to have the vulnerabilities for my webhook.

Othniel Ebolum

Sep 11, 2024, 12:07:58 PM
to Wazuh | Mailing List
Hello Romain, 

Kindly go through the upgrade troubleshooting guide and see if any of the recommendations there work.

Best Regards, 

Romain Hennebois

Feb 24, 2025, 6:01:18 AM
to Wazuh | Mailing List
Hello everyone,

I'm back after a long time.
I'm still having the same problem with the Vulnerability Detection module.

I see data in the Dashboard of the Vulnerability Detection section.
Same for Inventory, but for the Events menu I still have the following message: "No results match your search criteria".

The Vulnerability Detection module is well configured and active.
Also, there are no error logs in ossec.log.

Does anyone have any help?