Active Response Scripts

[Eva]

Hello Community,

I would like to ask if it is possible in some way to put the scripts for active response remotely in the bin folder to every agent because I monitor multiple computers in the world. Could  i do this with WPK ? or with some tool that you recommend me that allows me remote access. But don't want any tools like anydesk or TeamViewer . I'd rather I only had access to the command line ( Linux , Windows, Mac) and for file transfer(FTP). It Install on every computer like an agent .

Thank you very much, you would help me if someone answers me . I will wait for your reply.

Regards,

Eva

[Franco Fabian Rivero]

Hi Eva
thank you for using Wazuh!
I understand that you want to execute some actions on different agents, you have the possibility to add a custom script in Active Response ( https://documentation.wazuh.com/current/user-manual/capabilities/active-response/custom-active-response.html), so I understand with this you could generate what you want to perform.
Hope you find it useful.
Regards

[Eva]

Hi,

Thank you very much for your reply but my problem is not how to execute or create custom script in Active Response but how to remotely transfer  the new custom scripts  to each agent  as I mentioned in my question above 

[Franco Fabian Rivero]

Hello Eva,
How are you doing?
For security reasons each custom script must be transferred to each agent individually depending on the type of operating system you have to add the script in different paths.
For Windows you should add the script in C:\Program Files\ossec-agent\active-response\bin and for Linux you should add the script in /var/ossec/active-response/bin
Here you can read about it (https://documentation.wazuh.com/current/user-manual/capabilities/active-response/remediation-faq.html#can-i-share-custom-active-response-scripts-using-centralized-configuration).
Regards