You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Wazuh mailing list
Hi Team,
We have ingested Cisco Umbrella logs as per the official documentation, the logs are received in the Wazuh manager console but there is no decoder matching to decode logs from Cisco Umbrella. I have attached the result of running the logtest tool and the logs from wazuh for your better understanding of the issue.
Could you please let me know on how to resolve the above issue? Is there any decoder that pre-exists in the wazuh manager? or if how can i write or create custom rules or alerts?
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Wazuh mailing list
Hello Vault,
Thank you for choosing Wazuh.
Please be informed that there are no decoders and rules for Cisco Umbrella logs existing in the current version of Wazuh. However, you can create a custom decoder/rule easily by following our guide:
Upon creating the custom decoders and rules, alert will be generated on the dashboard. Should you require further assistance, do not hesitate to reach out.