How often does Wazuh run a vulnerability scan?


Le Sok

Oct 20, 2023, 3:19:10 AM
to Wazuh | Mailing List
Hi everyone,
I wonder how often Wazuh runs a vulnerability scan. I created a Wazuh agent yesterday, and when I check the Wazuh manager it still has not scanned; I don't know why. Can I configure the vulnerability scan to run once every hour or not?
Best regards.

2023-10-20_14-04-59.png

Md. Nazmur Sakib

Oct 20, 2023, 4:42:00 AM
to Wazuh | Mailing List

Hi Le Sok,


Hope you are doing well. Thank you for using Wazuh.


If you check the manager's ossec.conf configuration file, inside <vulnerability-detector> you will find:

   <interval>5m</interval>
   <min_full_scan_interval>6h</min_full_scan_interval>
   <run_on_start>yes</run_on_start>

min_full_scan_interval: The time during which a full scan will not be performed even if the database of vulnerabilities is updated. When this time expires, a full scan will be performed only if the CVEs database has changed.

interval: Time between vulnerability scans.

run_on_start: Runs updates and vulnerability scans immediately when the service is started.


Check this document to learn more:

https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/vuln-detector.html



Currently, Wazuh has three different types of scans.


  • Baseline: The Vulnerability Detector triggers this scan type the first time you enable the module. The Vulnerability Detector performs a full scan of the operating system and every package installed. It creates a CVE inventory and generates an alert for each vulnerability.

  • Full scan: The Vulnerability Detector scans every installed package and operating system in this scan type. It runs only when the configured min_full_scan_interval expires and when the CVEs database contains new information. As a result, Wazuh generates alerts when there is any update/change in the vulnerability inventory.

  • Partial scan: The Vulnerability Detector only scans new packages. As a result, Wazuh generates alerts when there is any update/change in the CVE inventory.


Check this document to learn more:

https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/scan-types.html


To configure a full scan every 1 hour, update the following configuration:

   <min_full_scan_interval>6h</min_full_scan_interval>



I hope this helps. Let me know if you need any further information.


Regards

Md. Nazmur Sakib
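
Added example, not part of the original reply or Wazuh's own code: a Python sketch that reads the settings quoted above from ossec.conf text and applies the full-scan rule as the reply states it (min_full_scan_interval expired and CVE database changed). The sample configuration is constructed, and the helper names, the synthetic wrapper element, and treating a missing <enabled> as disabled are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

# Constructed sample, not a real deployment's file; timing values are the ones quoted in the reply.
SAMPLE_OSSEC_CONF = """
<ossec_config>
  <vulnerability-detector>
    <enabled>yes</enabled>
    <interval>5m</interval>
    <min_full_scan_interval>6h</min_full_scan_interval>
    <run_on_start>yes</run_on_start>
  </vulnerability-detector>
</ossec_config>
<ossec_config>
  <!-- a second top-level block: the file is then not a single XML document -->
</ossec_config>
"""

def to_seconds(value):
    """Convert a duration such as '5m' or '6h' to seconds."""
    m = re.fullmatch(r"\s*(\d+)([smhd])\s*", value)
    if not m:
        raise ValueError(f"unrecognised duration: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def read_vuln_detector(conf_text):
    """Return the vulnerability-detector settings found in conf_text."""
    # Wrap in a synthetic root (assumption of this sketch) so several <ossec_config> blocks parse.
    root = ET.fromstring(f"<wrapper>{conf_text}</wrapper>")
    settings = {}
    for block in root.iter("vulnerability-detector"):
        for child in block:
            if child.tag in ("enabled", "interval", "min_full_scan_interval", "run_on_start"):
                settings[child.tag] = (child.text or "").strip()
    return settings

def full_scan_due(settings, seconds_since_last_full_scan, cve_db_changed):
    """Full-scan rule as described in the reply: interval expired AND CVE database changed."""
    # Assumption of this sketch: a missing <enabled> is treated as disabled.
    if settings.get("enabled") != "yes":
        return False
    expired = seconds_since_last_full_scan >= to_seconds(settings["min_full_scan_interval"])
    return expired and cve_db_changed

if __name__ == "__main__":
    s = read_vuln_detector(SAMPLE_OSSEC_CONF)
    print(s, to_seconds(s["interval"]), full_scan_due(s, 7 * 3600, True))
```

To check a real manager, pass the text of its ossec.conf to read_vuln_detector instead of the constructed sample.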
