Tomcat not being detected as software package


Alejandro Olmos Sánchez

Jun 30, 2026, 8:15:19 AM
to Wazuh | Mailing List

Hi Wazuh team,

I have noticed that Tomcat is not being detected as an installed package in Wazuh. However, it is visible on the endpoint as an installed service, specifically tomcat9.

Because Tomcat is not detected as a package, vulnerability scans do not appear to be performed against it. As a result, any vulnerabilities affecting the installed Tomcat version may not be reported by Wazuh.

Could you confirm whether this is expected behavior? Is there any recommended way to make Wazuh detect Tomcat installations when they are installed as a service but not listed as a package?

Thanks in advance.


Olamilekan Abdullateef Ajani

Jun 30, 2026, 8:43:48 AM
to Wazuh | Mailing List

Hello,

This is expected behavior: if Tomcat is not detected as a package (Syscollector), vulnerability detection may not report CVEs for that Tomcat installation. Vulnerability detection depends on the software inventory collected by Syscollector, so could you confirm whether Tomcat was installed through the OS package manager or manually?

On Debian/Ubuntu:

dpkg -l | grep -i tomcat

On RHEL/CentOS:

rpm -qa | grep -i tomcat

If it does not appear there, then vulnerability detection will not detect it as a package, even if a tomcat9 service exists. That said, you may need to monitor Tomcat using other methods, such as SCA/custom checks, FIM on the Tomcat installation path, or an external vulnerability scanning tool, and then push the log to Wazuh.

If it does appear in the package manager but not in Wazuh Inventory, then we may need to look further and troubleshoot from the agent's perspective too.

Please let me know what you find.
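Added example (not part of the thread and not Wazuh project code): a custom check of the kind suggested in the reply above. It looks for Tomcat's catalina.jar on disk, reads the version from the ServerInfo.properties file bundled in that jar, and reports whether dpkg or rpm owns the file. The search roots and JSON field names are assumptions; each install is printed as one JSON line that can be written to a log file the agent collects.

```python
import json
import os
import re
import subprocess
import zipfile

# Assumed install roots to search; adjust for the endpoint (hypothetical defaults).
SEARCH_ROOTS = ("/opt", "/usr/local", "/usr/share", "/var/lib")
SERVER_INFO = "org/apache/catalina/util/ServerInfo.properties"


def tomcat_version(jar_path):
    """Read server.number from the ServerInfo.properties inside catalina.jar."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            text = jar.read(SERVER_INFO).decode("utf-8", "replace")
    except (OSError, KeyError, zipfile.BadZipFile):
        return None  # unreadable, not a zip, or properties file missing
    match = re.search(r"^server\.number=(.+)$", text, re.MULTILINE)
    return match.group(1).strip() if match else None


def owned_by_package(path):
    """True if dpkg or rpm claims the file, i.e. it belongs to an inventoried package."""
    for cmd in (["dpkg", "-S", path], ["rpm", "-qf", path]):
        try:
            if subprocess.run(cmd, capture_output=True).returncode == 0:
                return True
        except OSError:  # that package manager is not present on this OS
            continue
    return False


def find_installs(roots=SEARCH_ROOTS, is_owned=owned_by_package):
    """Return one event dict per catalina.jar found under the given roots."""
    events = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            if "catalina.jar" in files:
                jar = os.path.join(dirpath, "catalina.jar")
                # Field names below are hypothetical, chosen for this example.
                events.append({"check": "tomcat_inventory", "catalina_jar": jar,
                               "version": tomcat_version(jar), "package_managed": is_owned(jar)})
    return events


if __name__ == "__main__":
    for event in find_installs():
        print(json.dumps(event))
```

An event with "package_managed": false marks an install that the package-based inventory will not cover, so its version needs to be tracked by this or another check.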