How to Disable & Delete SCA Scan

[Park Waldo]

I need to SCA disable and delete data.

Please advise me.

[elw...@wazuh.com]

Hello Park,

All SCA options are described here https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/sca.html#reference-sec-config-assessment and disabling it for all the agents, can be done through the groups as shown below:





To delete the indexed SCA data, you can use delete by query via the dev tools:

POST /wazuh-alerts-*/_delete_by_query?wait_for_completion=true
{
   "query": {
    "bool": {
      "must": [
        {
          "match": {
            "decoder.name": "sca"
          }
        }
      ]
    }
  }
}




Hope this helps.

Regards,

Wali

[Park Waldo]

Dear sir,

thanks for your information, but it was same as below.

#! Deprecation: this request accesses system indices: [.kibana_1], but in a future major version, direct access to system indices will be prevented by default
{
  "took" : 352,
  "timed_out" : false,
  "total" : 0,
  "deleted" : 0,
  "batches" : 0,
  "version_conflicts" : 0,
  "noops" : 0,
  "retries" : {
    "bulk" : 0,
    "search" : 0
  },
  "throttled_millis" : 0,
  "requests_per_second" : -1.0,
  "throttled_until_millis" : 0,
  "failures" : [ ]
}

please check and reply me.

thanks,

2022년 3월 22일 화요일 오후 7시 5분 55초 UTC+9에 elw...@wazuh.com님이 작성: