Dashboard stopped displaying VirusTotal log

[Fawwas Hamdi]

Hello guys i hope someone can help me with this issue as im facing it multiple times now,

as you can see the log is suddenly stopped out of nowhere but when I check ossec.log the VT log is there, when I reapply the config within the ossec it does nothing, but when I reboot the server the log suddenly appear again but after a couple hours it stopped again but still within the ossec.log VT log is there. 

[Fawwas Hamdi]

i tested the active response as well and its working just fine but then again the log is not shown in the dashboard

[Fabian Ruiz]

Hi  Fawwas Hamdi,

This is due to the limitations of the virus total public API, this can be found at:

https://documentation.wazuh.com/current/user-manual/capabilities/malware-detection/virus-total-integration.html#terms-of-service

https://developers.virustotal.com/reference/public-vs-premium-api

In your case you exceed the rate limit of the virus total public API.

Thanks for using Wazuh,
Regards.

[Fawwas Hamdi]

well thats one thing about the api and I understand about that but why is the log its not shown within the dashboard? as I also have evidence that even the API reached its limit it still send the log to the dashboard

[Fabian Ruiz]

For this we should check why the alert was not indexed, you can check the logs of the indexer to see if we find something related.