Vulnerability detection: No results match your search criteria

[Grzegorz G.]

Hi Team,
I work with Wazuh 4.9.2 version and I noticed that for new registered agents modul Vulnerability Detection doesn't scan agents and on Dashboard\Inventory\Events tab show only "No results match your search criteria".
It is strange situation because in modul Discover I can see events from problematic agents and all these agents are active, so question is why Vulnerability Detection doesn't work ? Thank you in advance for any help.

I tried fix it and I did steps below :
1.
 - I set vulnerability-detector on "no" in ossec.conf on manager
 - I restarted the service manager
 - I enabled vulnerability detector in ossec.conf on manager
 - I restarted the manager service again
It didn't help :(

2.
- restarted all environment: mgmt, indexer, dashboard servers
It didn't help :(

Below, I pasted a few screenshots from my system.
BTW In total I have installed 50 active agents currently.

[Stuti Gupta]

Hi  Grzegorz

During the initial scan, no events are generated. Events are only triggered after the first scan when you install a vulnerable package or resolve a vulnerability by updating the package or applying a fix. To test if vulnerability detection is working correctly, try installing an older version of VLC Player (e.g., VLC 2.2.3).

Additionally, ensure your cluster health is green for vulnerability detection to function properly. If there are unassigned shards, delete them using the following command: curl -k -XGET -u user:pass "https://<elasticsearch>:9200/_cat/shards" | grep UNASSIGNED | awk '{print $1}' | xargs -i curl -k -XDELETE -u user:pass "https://<indexer_ip>:9200/{}"

Verify that your vulnerability detection configuration https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/configuring-scans.html

For indexer connection settings, refer to https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html#configuring-the-wazuh-indexer-connection

Finally, check for any errors or warnings on the Wazuh manager and agent by running: cat /var/ossec/logs/ossec.log 

Let me know if you need any further assistance!

[Grzegorz G.]

Hi Stuti,

thank yo for your quick response I executed command: curl -k -XGET -u user:pass "https://<elasticsearch>:9200/_cat/shards" | grep UNASSIGNED | awk '{print $1}' | xargs -i curl -k -XDELETE -u user:pass "https://<indexer_ip>:9200/{}"  

which deleted 6  unassigned  shards from 17 for rest 11 shards I received errors like below. Any suggestion how can I set permissions for this shards ?

[Grzegorz G.]

Hi Stuti,

I have found here https://groups.google.com/g/wazuh/c/7979dM1AF74/m/8vmgKGV4AAAJ similar topic with my, so additionally I did two steps like below, unfortunately both without success because still I have a few unassigned shards like below

I would appreciate any other suggestions how can I fix this.

PUT .opendistro-*/_settings
{
"index.number_of_replicas" : 0,
"index.auto_expand_replicas": false
}

and this

  curl --cert /etc/wazuh-indexer/cert/admin.pem --key /etc/wazuh-indexer/cert/admin-key.pem -k -XPUT "https://wazuh-indexer:9200/affected_index/_settings" -H 'Content-Type: application/json' -d '{"index": {"number_of_replicas": 0}}'

[Grzegorz G.]

Hi all,

I spent a lot of time trying solve my issue with no "No results match your search criteria" on Vulnerability detection dashboard in Wazuh 4.9.2 version. 

I tried fix it a few suggestion from this and the other forums but today I have found that in my case source my issue was settings proxy server in usr/lib/systemd/system/wazuh-manager.service.

After commented entries for proxy servers like below and restart wazuh-manager on all nodes  everything improved and went back to working properly.

#Environment="https_proxy=http://<IP:port>" #Environment="http_proxy="http://<IP:port>"

[Stuti Gupta]

Hi  Grzegorz 

G;ad to know your issue is resolved