No events in Vulnerability Detection


Piotr

Aug 22, 2024, 2:41:43 AM
to Wazuh | Mailing List
Hello Wazuh Team,

I installed a new, clean Wazuh 4.8.1 single-node Docker installation for testing. This is the simplest installation without any modifications. I added one agent there. I noticed that I couldn't see Events in Vulnerability Detection. Dashboard and Inventory show data, but Events does not.

Attachments: wazuh1.PNG, wazuh2.PNG, wazuh3.PNG

Santiago Padilla Alvarez

Aug 22, 2024, 3:14:29 AM
to Wazuh | Mailing List
Hi,

This is expected behaviour.
When you install Wazuh for the first time you will not see events in the vulnerability detection section.
The events will appear when:

1) we install a vulnerable package, showing us the new vulnerability or vulnerabilities as ‘active’.

2) we uninstall or update an existing vulnerable package, showing that vulnerability or vulnerabilities as ‘solved’.

I hope this is helpful,
Best regards!

Piotr

Aug 22, 2024, 6:58:20 AM
to Wazuh | Mailing List
Hi,

Thank you for your quick reply. I tested it and I see another problem. I installed various packages in old versions on the test machine, restarted the agent and set wazuh_modules.debug=2.
Of course, nothing new appears on the Dashboard/Inventory/Events.

tail -f /dane/docker/volumes/single-node_wazuh_logs/_data/ossec.log
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-48795, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-51384, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-51385, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-51767, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:715 at handleRequest(): DEBUG: Vulnerability scan for package 'openssh' on Agent '001' has completed.
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 1 processed
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:167 at scanPackageTranslation(): DEBUG: Translation for package 'crypto-policies-scripts' in platform 'ol' not found. Using provided packageName.
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:684 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'crypto-policies-scripts' (rpm) (oracle america) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'testy-dce' (ID: '001', Version: 'v4.8.1').
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:715 at handleRequest(): DEBUG: Vulnerability scan for package 'crypto-policies-scripts' on Agent '001' has completed.
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 1 processed
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] action.hpp:118 at runActionScheduled(): DEBUG: Starting scheduled action for 'vulnerability_feed_manager'
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] action.hpp:210 at runAction(): DEBUG: Action for 'vulnerability_feed_manager' started
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] actionOrchestrator.hpp:242 at runContentUpdate(): DEBUG: Running 'vulnerability_feed_manager' content update
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] CtiDownloader.hpp:317 at handleRequest(): DEBUG: CtiOffsetDownloader - Starting process
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] CtiOffsetDownloader.hpp:42 at download(): DEBUG: Initial API offset: 851035
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] CtiDownloader.hpp:121 at operator()(): DEBUG: CTI raw metadata: '{"data":{"id":4,"name":"vd_4.8.0","context":"vd_1.0.0","operations":null,"inserted_at":"2023-11-23T19:34:18.698495Z","updated_at":"2024-08-20T12:18:34.058265Z","last_offset":851035,"paths_filter":null,"changes_url":"cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0/changes","last_snapshot_at":"2024-08-20T11:47:11.530327Z","last_snapshot_link":"https://cti.wazuh.com/store/contexts/vd_1.0.0/consumers/vd_4.8.0/851035_1724154431.zip","last_snapshot_offset":851035}}'
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] skipStep.hpp:48 at handleRequest(): DEBUG: SkipStep - Starting process
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] pubSubPublisher.hpp:61 at handleRequest(): DEBUG: PubSubPublisher - Starting process
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] pubSubPublisher.hpp:49 at publish(): DEBUG: No data to publish
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] skipStep.hpp:48 at handleRequest(): DEBUG: SkipStep - Starting process
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] cleanUpContent.hpp:63 at handleRequest(): DEBUG: CleanUpContent - Starting process
2024/08/22 10:13:56 wazuh-modulesd:content-updater[688] action.hpp:221 at runAction(): DEBUG: Action for 'vulnerability_feed_manager' finished
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:31 at taggedLogFunction(): INFO: Starting evaluation.
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting hardware scan
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"board_serial":"None","checksum":"3a6575c3be2b18828e7b6134ef655fde4eb19016","cpu_cores":4,"cpu_mhz":2700.0,"cpu_name":"Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz","ram_free":4554000,"ram_total":7664488,"ram_usage":41,"scan_time":"2024/08/22 10:14:05"},"operation":"MODIFIED","type":"dbsync_hwinfo"}
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending hardware scan
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting os scan
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"architecture":"x86_64","checksum":"1724321645843500124","hostname":"wazuh.manager","os_major":"2023","os_name":"Amazon Linux","os_platform":"amzn","os_version":"2023","release":"5.15.0-209.161.7.1.el9uek.x86_64","scan_time":"2024/08/22 10:14:05","sysname":"Linux","version":"#2 SMP Mon Aug 12 18:53:13 PDT 2024"},"operation":"MODIFIED","type":"dbsync_osinfo"}
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending os scan
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting network scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"adapter":null,"checksum":"f1b40e0c0f28c49c99a7a7e12c30ca57b0d2694d","item_id":"d4aa8b01955e438235d586585492f3f5edceec1b","mac":"02:42:ac:12:00:02","mtu":1500,"name":"eth0","rx_bytes":5038340,"rx_dropped":0,"rx_errors":0,"rx_packets":18589,"scan_time":"2024/08/22 10:14:05","state":"up","tx_bytes":3321217,"tx_dropped":0,"tx_errors":0,"tx_packets":15808,"type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_iface"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending network scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting packages scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending packages scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting ports scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending ports scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting processes scan
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"bf887dc7eae0c45457fc169e07d0aecc2e591b57","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":12,"pgrp":394,"pid":"395","ppid":1,"priority":20,"processor":3,"resident":124328,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":394,"sgroup":"wazuh","share":4417,"size":218758,"start_time":1724307228,"state":"S","stime":570,"suser":"wazuh","tgid":395,"tty":0,"utime":2700,"vm_size":875032},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"b0eaac2764332680fc88512a9fc2df559b003d8e","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":1,"pgrp":394,"pid":"396","ppid":395,"priority":20,"processor":0,"resident":76144,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":394,"sgroup":"wazuh","share":2433,"size":39953,"start_time":1724307228,"state":"S","stime":62,"suser":"wazuh","tgid":396,"tty":0,"utime":335,"vm_size":159812},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"a6aae420a0620e298e6eb90c03705e73530c9e44","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":1,"pgrp":394,"pid":"399","ppid":395,"priority":20,"processor":1,"resident":83100,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":394,"sgroup":"wazuh","share":2546,"size":78065,"start_time":1724307228,"state":"S","stime":98,"suser":"wazuh","tgid":399,"tty":0,"utime":4120,"vm_size":312260},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"cc9c1eef9bcd374d78857d3ea8372493f352fb94","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":1,"pgrp":394,"pid":"402","ppid":395,"priority":20,"processor":2,"resident":63320,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":394,"sgroup":"wazuh","share":1036,"size":111054,"start_time":1724307228,"state":"S","stime":0,"suser":"wazuh","tgid":402,"tty":0,"utime":0,"vm_size":444216},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"4f80f2d9044ee38d91e419e52e5ee8187ca025df","cmd":"/var/ossec/bin/wazuh-authd","egroup":"wazuh","euser":"root","fgroup":"wazuh","name":"wazuh-authd","nice":0,"nlwp":5,"pgrp":443,"pid":"444","ppid":1,"priority":20,"processor":2,"resident":8336,"rgroup":"wazuh","ruser":"root","scan_time":"2024/08/22 10:14:05","session":443,"sgroup":"wazuh","share":1695,"size":45661,"start_time":1724307228,"state":"S","stime":950,"suser":"root","tgid":444,"tty":0,"utime":153,"vm_size":182644},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"0d6013d012aa78f8aa6a7d91a4e5504101328dc9","cmd":"/var/ossec/bin/wazuh-db","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"wazuh-db","nice":0,"nlwp":14,"pgrp":460,"pid":"461","ppid":1,"priority":20,"processor":2,"resident":23796,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":460,"sgroup":"wazuh","share":2572,"size":232791,"start_time":1724307229,"state":"S","stime":928,"suser":"wazuh","tgid":461,"tty":0,"utime":459,"vm_size":931164},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"9d97d940d066347ecf924b030be5f7f493f72cb9","cmd":"/var/ossec/bin/wazuh-execd","egroup":"wazuh","euser":"root","fgroup":"wazuh","name":"wazuh-execd","nice":0,"nlwp":2,"pgrp":486,"pid":"487","ppid":1,"priority":20,"processor":0,"resident":3820,"rgroup":"wazuh","ruser":"root","scan_time":"2024/08/22 10:14:05","session":486,"sgroup":"wazuh","share":614,"size":6694,"start_time":1724307230,"state":"S","stime":37,"suser":"root","tgid":487,"tty":0,"utime":11,"vm_size":26776},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:06 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"db4654ac7004a275030c865cb0a52cbf576279e3","cmd":"/var/ossec/bin/wazuh-analysisd","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"wazuh-analysisd","nice":0,"nlwp":50,"pgrp":498,"pid":"499","ppid":1,"priority":20,"processor":1,"resident":44608,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":498,"sgroup":"wazuh","share":1003,"size":619089,"start_time":1724307230,"state":"S","stime":252,"suser":"wazuh","tgid":499,"tty":0,"utime":699,"vm_size":2476356},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"87ae5d77fade1b825520959bc55b9184b44fc340","cmd":"/var/ossec/bin/wazuh-syscheckd","egroup":"wazuh","euser":"root","fgroup":"wazuh","name":"wazuh-syscheckd","nice":10,"nlwp":7,"pgrp":511,"pid":"512","ppid":1,"priority":30,"processor":0,"resident":14188,"rgroup":"wazuh","ruser":"root","scan_time":"2024/08/22 10:14:05","session":511,"sgroup":"wazuh","share":2384,"size":86144,"start_time":1724307231,"state":"S","stime":835,"suser":"root","tgid":512,"tty":0,"utime":245,"vm_size":344576},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"3ef239587cdee27e1796944adf5806ed1b05623b","cmd":"/var/ossec/bin/wazuh-remoted","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"wazuh-remoted","nice":0,"nlwp":26,"pgrp":585,"pid":"588","ppid":1,"priority":20,"processor":3,"resident":21232,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":585,"sgroup":"wazuh","share":2459,"size":304828,"start_time":1724307232,"state":"S","stime":2825,"suser":"wazuh","tgid":588,"tty":0,"utime":2469,"vm_size":1219312},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"6b233e7907ac00aaf96e044d83fb46ff3505c5a5","cmd":"/var/ossec/bin/wazuh-logcollector","egroup":"wazuh","euser":"root","fgroup":"wazuh","name":"wazuh-logcollec","nice":0,"nlwp":8,"pgrp":654,"pid":"655","ppid":1,"priority":20,"processor":0,"resident":5044,"rgroup":"wazuh","ruser":"root","scan_time":"2024/08/22 10:14:05","session":654,"sgroup":"wazuh","share":887,"size":117319,"start_time":1724307233,"state":"S","stime":127,"suser":"root","tgid":655,"tty":0,"utime":53,"vm_size":469276},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"e00310260463ce789b3da2ac4ae8a4e3ff3afaba","cmd":"/var/ossec/bin/wazuh-monitord","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"wazuh-monitord","nice":0,"nlwp":2,"pgrp":673,"pid":"674","ppid":1,"priority":20,"processor":1,"resident":3940,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 10:14:05","session":673,"sgroup":"wazuh","share":627,"size":6712,"start_time":1724307233,"state":"S","stime":69,"suser":"wazuh","tgid":674,"tty":0,"utime":22,"vm_size":26848},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":null,"checksum":"31ac83916efacd1ba792efa90a2eaa09cb55bf46","cmd":"/var/ossec/bin/wazuh-modulesd","egroup":"root","euser":"root","fgroup":"root","name":"wazuh-modulesd","nice":0,"nlwp":44,"pgrp":689,"pid":"690","ppid":1,"priority":20,"processor":2,"resident":138212,"rgroup":"root","ruser":"root","scan_time":"2024/08/22 10:14:05","session":689,"sgroup":"root","share":8195,"size":150462,"start_time":1724307233,"state":"S","stime":187,"suser":"root","tgid":690,"tty":0,"utime":379,"vm_size":601848},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"--coreutils-prog-shebang=tail /usr/bin/tail -F /var/ossec/logs/ossec.log","checksum":"4e904b07aaaa4e647d27ac69570a0ac50ecf29e0","cmd":"/usr/bin/coreutils","egroup":"root","euser":"root","fgroup":"root","name":"tail","nice":0,"nlwp":1,"pgrp":1173,"pid":"1173","ppid":1169,"priority":20,"processor":1,"resident":1356,"rgroup":"root","ruser":"root","scan_time":"2024/08/22 10:14:05","session":1173,"sgroup":"root","share":296,"size":1232,"start_time":1724307236,"state":"S","stime":12,"suser":"root","tgid":1173,"tty":0,"utime":3,"vm_size":4928},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"-e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat","checksum":"18834d0e9ebf6648b2c4735104b132a914dbacc4","cmd":"/usr/share/filebeat/bin/filebeat","egroup":"root","euser":"root","fgroup":"root","name":"filebeat","nice":0,"nlwp":10,"pgrp":1174,"pid":"1174","ppid":1170,"priority":20,"processor":3,"resident":57260,"rgroup":"root","ruser":"root","scan_time":"2024/08/22 10:14:05","session":1174,"sgroup":"root","share":8494,"size":357928,"start_time":1724307236,"state":"S","stime":73,"suser":"root","tgid":1174,"tty":0,"utime":111,"vm_size":1431712},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending processes scan
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:31 at taggedLogFunction(): INFO: Evaluation finished.
2024/08/22 10:14:07 wazuh-modulesd:syscollector[688] logging_helper.c:37 at taggedLogFunction(): DEBUG: Starting syscollector sync
2024/08/22 10:14:07 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:07 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:07 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_clear
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 10:14:08 wazuh-modulesd:syscollector[688] logging_helper.c:37 at taggedLogFunction(): DEBUG: Ending syscollector sync
2024/08/22 10:20:17 wazuh-modulesd:vulnerability-scanner[688] osScanner.hpp:346 at handleRequest(): DEBUG: Vulnerability scan for OS 'linux' on Agent '001' has completed.
2024/08/22 10:20:17 wazuh-modulesd:vulnerability-scanner[688] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
2024/08/22 10:20:17 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
2024/08/22 10:20:26 indexer-connector[688] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '001' with the indexer.
2024/08/22 10:20:26 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/08/22 10:20:26 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/08/22 10:20:26 indexer-connector[688] indexerConnector.cpp:129 at abuseControl(): DEBUG: Agent '001' sync omitted due to abuse control.

Santiago Padilla Alvarez

Aug 22, 2024, 8:18:47 AM
to Wazuh | Mailing List
Hi,

From what I see in the logs:

- openssh package has been installed, version: 8.7p1-10.el9_0
- for the operating system: Amazon Linux 2023
- the following vulnerabilities are detected: CVE-2023-48795, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767
- a discrepancy has been observed between the content provider (OpenBSD) and the package provider (Oracle America).

Did you have another version of openssh installed before or by default? If yes, check that these vulnerabilities are already listed in the inventory.

I look forward to hearing from you, thank you,
best regards!
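
Added example (not part of any post in this thread, and not Wazuh code): a Python sketch that groups the vulnerability-scanner debug lines discussed above by package, CVE and vendor pair, and also pulls the host named in the syscollector `dbsync_osinfo` delta and any indexer syncs that were omitted. The regular expressions and the `triage` function are assumptions derived only from the log lines quoted in this thread; other Wazuh versions may word these messages differently.

```python
import json
import re
from collections import defaultdict

# Lines copied from the ossec.log excerpt posted in the thread; the
# dbsync_osinfo JSON is abridged to the fields used below.
SAMPLE_LOG = """\
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-48795, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not the same for Package: openssh, Version: 8.7p1-10.el9_0, CVE: CVE-2023-51384, Content vendor: openbsd, Package vendor: oracle america
2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] packageScanner.hpp:684 at handleRequest(): DEBUG: Initiating a vulnerability scan for package 'crypto-policies-scripts' (rpm) (oracle america) with CVE Numbering Authorities (CNA) 'nvd' on Agent 'testy-dce' (ID: '001', Version: 'v4.8.1').
2024/08/22 10:14:05 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"hostname":"wazuh.manager","os_name":"Amazon Linux","os_platform":"amzn","os_version":"2023"},"operation":"MODIFIED","type":"dbsync_osinfo"}
2024/08/22 10:20:26 indexer-connector[688] indexerConnector.cpp:129 at abuseControl(): DEBUG: Agent '001' sync omitted due to abuse control.
"""

# Common prefix: timestamp, tag[pid], source file:line, function, level, message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<tag>[\w:-]+)\[(?P<pid>\d+)\] "
    r"(?P<src>\S+):(?P<lineno>\d+) at (?P<func>[^:]+?)\(\): "
    r"(?P<level>[A-Z]+): (?P<msg>.*)$"
)
# vendorVerify(): feed vendor and installed-package vendor differ for a CVE.
MISMATCH_RE = re.compile(
    r"The vendor is not the same for Package: (?P<package>[^,]+), "
    r"Version: (?P<version>[^,]+), CVE: (?P<cve>CVE-\d{4}-\d+), "
    r"Content vendor: (?P<content_vendor>[^,]+), "
    r"Package vendor: (?P<package_vendor>.+)$"
)
# handleRequest(): which package, from which vendor, on which agent.
SCAN_RE = re.compile(
    r"Initiating a vulnerability scan for package '(?P<package>[^']+)' "
    r"\((?P<format>[^)]*)\) \((?P<vendor>[^)]*)\) .* on Agent '(?P<agent>[^']+)' "
    r"\(ID: '(?P<agent_id>[^']+)', Version: '(?P<agent_version>[^']+)'\)"
)
# abuseControl(): the indexer sync for an agent was skipped.
OMIT_RE = re.compile(r"Agent '(?P<agent_id>[^']+)' sync omitted due to abuse control")
DELTA_PREFIX = "Delta sent: "


def triage(log_text):
    """Summarise the lines relevant to 'why is nothing showing up?'."""
    mismatches = defaultdict(list)
    report = {"scans": [], "os_deltas": [], "sync_omitted": [], "unparsed": 0}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        head = LINE_RE.match(raw)
        if head is None:
            report["unparsed"] += 1
            continue
        msg = head["msg"]
        if head["func"] == "vendorVerify" and (m := MISMATCH_RE.search(msg)):
            key = (m["package"], m["version"],
                   m["content_vendor"], m["package_vendor"])
            if m["cve"] not in mismatches[key]:
                mismatches[key].append(m["cve"])
        elif m := SCAN_RE.search(msg):
            report["scans"].append(m.groupdict())
        elif msg.startswith(DELTA_PREFIX):
            try:
                delta = json.loads(msg[len(DELTA_PREFIX):])
            except json.JSONDecodeError:
                report["unparsed"] += 1  # truncated or wrapped JSON
                continue
            if delta.get("type") == "dbsync_osinfo":
                data = delta.get("data", {})
                # The hostname shows which machine this inventory belongs to.
                report["os_deltas"].append(
                    (data.get("hostname"), data.get("os_name"),
                     data.get("os_version")))
        elif m := OMIT_RE.search(msg):
            report["sync_omitted"].append((head["ts"], m["agent_id"]))
    report["vendor_mismatches"] = dict(mismatches)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (pkg, ver, feed, installed), cves in result["vendor_mismatches"].items():
        print(f"{pkg} {ver}: feed vendor '{feed}' != package vendor "
              f"'{installed}' for {', '.join(cves)}")
    for host, name, version in result["os_deltas"]:
        print(f"osinfo delta from host '{host}': {name} {version}")
    for ts, agent_id in result["sync_omitted"]:
        print(f"{ts}: indexer sync omitted for agent {agent_id}")
```
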

Piotr

Aug 22, 2024, 9:05:45 AM
to Wazuh | Mailing List
Hi,

I had a different version installed. I specifically installed others to detect changes in Vulnerability Detection. I also installed various other packages, like nginx and zip, in non-newer versions. I restarted the agent and nothing new appeared on the Dashboard etc. I'm attaching the next logs.

Best regards!

2024/08/22 12:13:56 wazuh-modulesd:content-updater[688] action.hpp:118 at runActionScheduled(): DEBUG: Starting scheduled action for 'vulnerability_feed_manager'
2024/08/22 12:13:56 wazuh-modulesd:content-updater[688] action.hpp:210 at runAction(): DEBUG: Action for 'vulnerability_feed_manager' started
2024/08/22 12:13:56 wazuh-modulesd:content-updater[688] actionOrchestrator.hpp:242 at runContentUpdate(): DEBUG: Running 'vulnerability_feed_manager' content update
2024/08/22 12:13:56 wazuh-modulesd:content-updater[688] CtiDownloader.hpp:317 at handleRequest(): DEBUG: CtiOffsetDownloader - Starting process
2024/08/22 12:13:56 wazuh-modulesd:content-updater[688] CtiOffsetDownloader.hpp:42 at download(): DEBUG: Initial API offset: 851035
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] CtiDownloader.hpp:121 at operator()(): DEBUG: CTI raw metadata: '{"data":{"id":4,"name":"vd_4.8.0","context":"vd_1.0.0","operations":null,"inserted_at":"2023-11-23T19:34:18.698495Z","updated_at":"2024-08-20T12:18:34.058265Z","last_offset":851035,"paths_filter":null,"changes_url":"cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0/changes","last_snapshot_at":"2024-08-20T11:47:11.530327Z","last_snapshot_link":"https://cti.wazuh.com/store/contexts/vd_1.0.0/consumers/vd_4.8.0/851035_1724154431.zip","last_snapshot_offset":851035}}'
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] skipStep.hpp:48 at handleRequest(): DEBUG: SkipStep - Starting process
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] pubSubPublisher.hpp:61 at handleRequest(): DEBUG: PubSubPublisher - Starting process
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] pubSubPublisher.hpp:49 at publish(): DEBUG: No data to publish
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] skipStep.hpp:48 at handleRequest(): DEBUG: SkipStep - Starting process
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] cleanUpContent.hpp:63 at handleRequest(): DEBUG: CleanUpContent - Starting process
2024/08/22 12:13:57 wazuh-modulesd:content-updater[688] action.hpp:221 at runAction(): DEBUG: Action for 'vulnerability_feed_manager' finished
2024/08/22 12:14:06 wazuh-modulesd:vulnerability-scanner[688] osScanner.hpp:346 at handleRequest(): DEBUG: Vulnerability scan for OS 'linux' on Agent '001' has completed.
2024/08/22 12:14:06 wazuh-modulesd:vulnerability-scanner[688] eventDetailsBuilder.hpp:101 at handleRequest(): DEBUG: Building event details for component type: 2
2024/08/22 12:14:06 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 3 processed
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:31 at taggedLogFunction(): INFO: Starting evaluation.
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting hardware scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"board_serial":"None","checksum":"06326712de34b7333f27e48c37286019f99e7ba6","cpu_cores":4,"cpu_mhz":2700.0,"cpu_name":"Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz","ram_free":4546920,"ram_total":7664488,"ram_usage":41,"scan_time":"2024/08/22 12:14:11"},"operation":"MODIFIED","type":"dbsync_hwinfo"}
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending hardware scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting os scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"architecture":"x86_64","checksum":"1724328851585139580","hostname":"wazuh.manager","os_major":"2023","os_name":"Amazon Linux","os_platform":"amzn","os_version":"2023","release":"5.15.0-209.161.7.1.el9uek.x86_64","scan_time":"2024/08/22 12:14:11","sysname":"Linux","version":"#2 SMP Mon Aug 12 18:53:13 PDT 2024"},"operation":"MODIFIED","type":"dbsync_osinfo"}
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending os scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting network scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"adapter":null,"checksum":"1d39d59375192cb7f2110378a2ceb7155ec1fb88","item_id":"d4aa8b01955e438235d586585492f3f5edceec1b","mac":"02:42:ac:12:00:02","mtu":1500,"name":"eth0","rx_bytes":7196906,"rx_dropped":0,"rx_errors":0,"rx_packets":26389,"scan_time":"2024/08/22 12:14:11","state":"up","tx_bytes":4512376,"tx_dropped":0,"tx_errors":0,"tx_packets":22498,"type":"ethernet"},"operation":"MODIFIED","type":"dbsync_network_iface"}
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending network scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting packages scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending packages scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting ports scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending ports scan
2024/08/22 12:14:11 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Starting processes scan
2024/08/22 12:14:12 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"543f60229bed483e4d3959df4679a4b65c295815","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":12,"pgrp":394,"pid":"395","ppid":1,"priority":20,"processor":2,"resident":124512,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 12:14:11","session":394,"sgroup":"wazuh","share":4417,"size":218758,"start_time":1724307228,"state":"S","stime":760,"suser":"wazuh","tgid":395,"tty":0,"utime":3258,"vm_size":875032},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 12:14:12 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Delta sent: {"data":{"argvs":"/var/ossec/api/scripts/wazuh-apid.py","checksum":"77a1f756f2632d72d303fe9ce9e9916245f418b9","cmd":"/var/ossec/framework/python/bin/python3","egroup":"wazuh","euser":"wazuh","fgroup":"wazuh","name":"python3","nice":0,"nlwp":1,"pgrp":394,"pid":"396","ppid":395,"priority":20,"processor":0,"resident":76132,"rgroup":"wazuh","ruser":"wazuh","scan_time":"2024/08/22 12:14:11","session":394,"sgroup":"wazuh","share":2433,"size":39953,"start_time":1724307228,"state":"S","stime":78,"suser":"wazuh","tgid":396,"tty":0,"utime":402,"vm_size":159812},"operation":"MODIFIED","type":"dbsync_processes"}
2024/08/22 12:14:13 wazuh-modulesd:syscollector[688] logging_helper.c:40 at taggedLogFunction(): DEBUG: Ending processes scan
2024/08/22 12:14:13 wazuh-modulesd:syscollector[688] logging_helper.c:31 at taggedLogFunction(): INFO: Evaluation finished.
2024/08/22 12:14:13 wazuh-modulesd:syscollector[688] logging_helper.c:37 at taggedLogFunction(): DEBUG: Starting syscollector sync
2024/08/22 12:14:13 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:13 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:13 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:13 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:13 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:14 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:14 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_clear
2024/08/22 12:14:14 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:14 rsync[688] rsyncImplementation.cpp:120 at startRSync(): DEBUG: Remote sync started: integrity_check_global
2024/08/22 12:14:14 wazuh-modulesd:syscollector[688] logging_helper.c:37 at taggedLogFunction(): DEBUG: Ending syscollector sync
2024/08/22 12:14:18 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/08/22 12:14:18 indexer-connector[688] indexerConnector.cpp:437 at operator()(): DEBUG: Syncing agent '001' with the indexer.
2024/08/22 12:14:18 wazuh-modulesd:vulnerability-scanner[688] scanOrchestrator.hpp:299 at run(): DEBUG: Event type: 11 processed
2024/08/22 12:14:18 indexer-connector[688] indexerConnector.cpp:129 at abuseControl(): DEBUG: Agent '001' sync omitted due to abuse control.

Santiago Padilla Alvarez

Aug 23, 2024, 3:13:01 AM
to Wazuh | Mailing List
Hi,

In the logs there is no error and no package name or version of the installed packages.

Could you please pass me the syscollector inventory?

You can download it from the Dev Tools section in the Dashboard with the following command: GET /syscollector/id_agent/packages
Also, if you can, please pass me the agent's operating system information with: GET /syscollector/id_agent/os
(as far as I can see in the logs the agent id is 001).

I look forward to any news,
Best regards!

Piotr

Aug 23, 2024, 8:31:33 AM
to Wazuh | Mailing List
Hi,

I reinstalled the agent because I thought something was wrong with it. Now the agent has id '002'. Next I reinstalled packages, installed updates and restarted the agent. I then installed other packages (mc, haproxy) and restarted the agent again. It still did not change anything.
Attached are the command results and the logs after installation.

Best Regards!
wazuh_console.txt
wazuh_logs.txt

Santiago Padilla Alvarez

Aug 26, 2024, 3:23:32 AM
to Wazuh | Mailing List
Hi,

Looking at the operating system file you have passed me, I see that the agent is Oracle Linux, which is not an operating system currently supported for vulnerability detection. That's why the logs of incompatibilities with the vendor appear.

I leave here the list with all the operating systems supported by Wazuh for vulnerability detection as of today, August 26th 2024.

I apologize for the inconvenience and I hope I have clarified your doubts.

Best regards!

Piotr

Aug 26, 2024, 4:22:48 AM
to Wazuh | Mailing List
Hi,

In an older version of vulnerability detection, there was functionality to assign Oracle Linux to, for example, Redhat:

    <!-- RedHat OS vulnerabilities -->
    <provider name="redhat">
      <enabled>yes</enabled>
      <os>5</os>
      <os>6</os>
      <os>7</os>
      <os>8</os>
      <os>9</os>
      <os allow="Oracle Linux-7">7</os>
      <os allow="Oracle Linux-8">8</os>
      <os allow="Oracle Linux-9">9</os>
      <update_interval>1h</update_interval>
    </provider>

Is this also possible in the new version? Is work underway to add more supported operating systems?

Best Regards!

Santiago Padilla Alvarez

Aug 26, 2024, 5:08:25 AM
to Wazuh | Mailing List
Hi,

Let me check with the team and bring you an answer as soon as possible.

Thank you!

Santiago Padilla Alvarez

Aug 26, 2024, 8:04:50 AM
to Wazuh | Mailing List
Hi,

I have discussed this with the team and unfortunately there is no solution. The functionality that was available in previous versions to assign it to another operating system, as was the case for Oracle Linux with Redhat, is no longer available.

We recommend that you use a supported operating system to be able to use vulnerability detection fully and in the most correct way possible. Here is the official VD compatibility matrix.

For everything that is not listed, we use the NVD. And since it is too generic, we use the vendor of the package as a filter to avoid overmatching.

For future versions of Wazuh the supported operating systems for VD will be the following:

 - Redhat: 7, 8, 9
 - Ubuntu: 22.04, 24.04
 - Amazon Linux: 2, 2023
 - CentOS: 7, 8

I hope it will help you!

Best regards!
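
The vendor filter described in the reply above is what produces the vendorVerify() debug lines in the ossec.log output posted earlier in this thread. As an added example (not part of the original posts and not Wazuh code), this Python script groups those lines to show which package/CVE matches the scanner discarded; the regular expression is inferred from the lines quoted in the thread, and the function name and sample list are illustrative.

```python
import re
import sys
from collections import defaultdict

# Inferred from the vendorVerify() debug lines quoted in this thread
# (an assumption about the format, not a documented Wazuh log schema).
VENDOR_MISMATCH = re.compile(
    r"vulnerability-scanner\[\d+\].*?vendorVerify\(\): DEBUG: "
    r"The vendor is not the same for Package: (?P<package>.+?), "
    r"Version: (?P<version>.+?), CVE: (?P<cve>CVE-\d{4}-\d+), "
    r"Content vendor: (?P<content_vendor>.+?), "
    r"Package vendor: (?P<package_vendor>.+)$"
)


def vendor_mismatches(lines):
    """Map (package, version, content vendor, package vendor) to the sorted
    list of CVEs the scanner discarded because the vendors differ."""
    skipped = defaultdict(set)
    for line in lines:
        match = VENDOR_MISMATCH.search(line.rstrip("\r\n"))
        if match is None:
            continue  # unrelated line: syscollector deltas, rsync, indexer sync
        key = (match["package"], match["version"],
               match["content_vendor"], match["package_vendor"])
        skipped[key].add(match["cve"])
    return {key: sorted(cves) for key, cves in skipped.items()}


# Sample input in the format of the ossec.log lines posted in this thread.
_PREFIX = ("2024/08/22 09:20:36 wazuh-modulesd:vulnerability-scanner[688] "
           "packageScanner.hpp:348 at vendorVerify(): DEBUG: The vendor is not "
           "the same for Package: openssh, Version: 8.7p1-10.el9_0, ")
_SUFFIX = ", Content vendor: openbsd, Package vendor: oracle america"
SAMPLE_LOG = [
    _PREFIX + "CVE: CVE-2023-51384" + _SUFFIX,
    _PREFIX + "CVE: CVE-2023-48795" + _SUFFIX,
    "2024/08/22 12:14:18 indexer-connector[688] indexerConnector.cpp:129 at "
    "abuseControl(): DEBUG: Agent '001' sync omitted due to abuse control.",
]

if __name__ == "__main__":
    # Pass a path to ossec.log, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            report = vendor_mismatches(handle)
    else:
        report = vendor_mismatches(SAMPLE_LOG)
    for (pkg, ver, content_vendor, pkg_vendor), cves in report.items():
        print(f"{pkg} {ver}: {len(cves)} CVE(s) skipped, feed vendor "
              f"'{content_vendor}' != package vendor '{pkg_vendor}'")
```

A large count for a single package vendor on an agent that shows no new detections points to the unsupported-OS case discussed in this thread rather than to a scanner fault.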