osquery installed/enabled but missing from wazuh console
980 views
Skip to first unread message
John S. Galliano
Jun 13, 2022, 5:11:13 PM6/13/22
to Wazuh mailing list
I have osquery installed on my agents and enabled within my manager config, but I do not see the module present. Any advice on how to resolve is appreciated!
<!-- Osquery integration -->
<wodle name="osquery">
<disabled>no</disabled>
<run_daemon>yes</run_daemon>
<bin_path>/usr/bin</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
<pack name="custom_pack">/path/to/custom_pack.conf</pack>
</wodle>
<wodle name="osquery">
<disabled>no</disabled>
<run_daemon>yes</run_daemon>
<bin_path>/usr/bin</bin_path>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
<pack name="custom_pack">/path/to/custom_pack.conf</pack>
</wodle>
Carlos Dams
Jun 13, 2022, 7:39:59 PM6/13/22
to Wazuh mailing list
Hi John,
Thanks for using Wazuh!
If you already configured osquery, you may be just missing enabling the osquery module:
- Open Wazuh Dashabord (formerly Kibana)
- Click on Wazuh -> Settings -> Modules Screenshot wazuh
- Scroll down and under Threat Detection and Response enable Osquery
- Go back to Wazuh menu and you will be able to see Osquery module
I list here some documentation about Osquery that might help:
I hope this information addresses your question, please let me know
Carlos D.
Reply all
Reply to author
Forward
0 new messages