WIndows agent with Float IP

[Adiel Jesus Navarro Rosado]

Is it possible that the Wazuh Windows Agent works in an endpoint whose IP is assigned by dhcp and change every time it is rebooted?

 

 

---

Este mensaje (incluidos sus anexos) es exclusivamente para el uso de la persona o entidad a quien esta dirigido; contiene informacion estrictamente confidencial y legalmente protegida, cuya divulgacion es sancionada por la ley. Si el lector de este mensaje no es a quien esta dirigido, ni se trata del empleado o agente responsable de esta informacion, se le notifica por medio del presente, que su reproduccion y distribucion, esta estrictamente prohibida. Si Usted recibio este comunicado por error, favor de notificarlo inmediatamente al remitente y destruir el mensaje. Es responsabilidad del destinatario asegurarse que este correo electrónico y sus anexos no contengan virus. Todas las opiniones contenidas en este mail son propias del autor del mensaje y no necesariamente coinciden con las de [Radiomóvil Dipsa S.A. de C.V.] o alguna de sus empresas controladas, controladoras, afiliadas y subsidiarias. Este mensaje intencionalmente no contiene acentos.


This message (including attachments) is for the sole use of the person or entity to whom it is being sent. Therefore, it contains strictly confidential and legally protected material whose disclosure is subject to penalty by law. If the person reading this message is not the one to whom it is being sent and/or is not an employee or the responsible agent for this information, this person is herein notified that any unauthorized dissemination, distribution or copying of the materials included in this facsimile is strictly prohibited. If you received this document by mistake please notify immediately to the subscriber and destroy the message. It is the recipient’s responsibility to ensure that this message (including attachments) is virus free. Any opinions contained in this e-mail are those of the author of the message and do not necessarily coincide with those of [Radiomóvil Dipsa S.A. de C.V.] or any of its control, controlled, affiliates and subsidiaries companies. No part of this message or attachments may be used or reproduced in any manner whatsoever.

[Victor Carlos Erenu]

Hi Adiel

By default, the agent is installed in such a way that it can be recognized from any IP, as it is recognized by its client key

To check that the value is the default, inside the /var/ossec/etc/ossec.conf file in Wazuh Manager, you have the following tag

   <ossec_config>

      ...

      <auth>

          ...

         <use_source_ip> no </use_source_ip>

         ...

     </auth>

     ...

The use_source_ip tag toggles the use of the client’s source IP address or the use of “any” to add an agent.

In case you already have an agent installation with fixed IP, the file /var/ossec/etc/client.keys stores the data of the clients registered within Wazuh Manager

The third column of this file contains the IP or range set for the agent

  001 Server1 any e20e0394dca71bacdea57d4ca25d203f836eca12eeca1ec150c2e5f4309a653a

This value can be set as anything, with an IP or with a range

For more information you can check our documentation

Regards