Hi Wazuh team,
I have noticed that Tomcat is not being detected as an installed package in Wazuh. However, it is visible on the endpoint as an installed service, specifically tomcat9.
Because Tomcat is not detected as a package, vulnerability scans do not appear to be performed against it. As a result, any vulnerabilities affecting the installed Tomcat version may not be reported by Wazuh.
Could you confirm whether this is expected behavior? Is there any recommended way to make Wazuh detect Tomcat installations when they are installed as a service but not listed as a package?
Thanks in advance.