Missed Active Response Script


Alvaro Victoriano

Sep 30, 2019, 1:33:43 AM
to Wazuh mailing list
Hello Wazuh team.

I was checking my Active Response configuration and everything was fine, but when I ran a test it didn't activate, so I went to the server to check the scripts and I saw that the .cmd scripts are missing.

How can I add them? Or what went wrong that they were not added, so I can avoid it?

And I would like to ask about the script ossec-tweeter.sh: what is it for?

kaspersky.py and kaspersky.sh as well, what are they for? They are new to me and are not mentioned in https://documentation.wazuh.com/3.10/user-manual/capabilities/active-response/how-it-works.html



Thank you

Screen Shot 2019-09-30 at 12.21.54 AM.png

Cristina Garrido López

Sep 30, 2019, 11:17:11 AM
to Wazuh mailing list
Hi Álvaro,

You cannot see the .cmd scripts because they are not included on Linux systems. You should see them when you install Wazuh on a Windows machine. The ossec-tweeter.sh script can send an alert to Twitter by giving your username and password; you can also set the variable DIRECTMSGUSER in order to send a specific message to someone.
Regarding the Kaspersky question, the bash script (.sh) runs the Python script (.py), which is in charge of running scans for your computer; you can configure it to scan a custom folder, your memory, etc. This is an integration with Kaspersky, which is software dedicated to cybersecurity and protecting your computer from malware and viruses. Let me know if this helped and solved your doubts.

Kind regards,
Cristina

Alvaro Victoriano

Sep 30, 2019, 12:29:46 PM
to Wazuh mailing list
Hello Cristina.

Yes, you are right, I checked it on Windows and it's there. I thought I could see it because that screenshot is from the manager.
And thank you for the other explanation of Kaspersky and Tweeter.

Regards.

Cristina Garrido López

Sep 30, 2019, 12:48:09 PM
to Wazuh mailing list
Hi Álvaro,

I'm happy to hear that! My pleasure, feel free to ask anytime you need it.

Kind regards,
Cristina