Suricata in wazuh does not detect attacks

1,361 views
Skip to first unread message

Rick Gutierrez

unread,
Oct 28, 2019, 6:31:39 PM10/28/19
to Wazuh mailing list
Hi list , I am trying to detect attacks on my servers connected to my
Elasticsearch server and wazuh app, I have 5 servers connected to
their agents, I have followed the following guide
https://documentation.wazuh.com/3.10/learning-wazuh/suricata.html?highlight=suricata
, I have completed most of the guide, but I have some doubts:

first doubt: Is it mandatory to use logstash to use Geolocation with
Suricata events?

second doubt: I am doing xss and ssh brute force attacks and I see
that Suricata does not send the log to kibana, I see some in the
Suricata those of ssh, but not the web attacks , I show the
suricatalog:

If I make the attacks on the clients with the wazuh agent using nikto,
Suricata shows any type of attacks.

thanks for the support.
--
rickygm

http://gnuforever.homelinux.com
suricata-log.jpg

Miguel Martinez

unread,
Oct 28, 2019, 6:47:38 PM10/28/19
to Wazuh mailing list
Hi Rick

Based on my experience no you don't have to use logstash if you don't want but is needed for geolocation ...

On the suricata side in the case of the ssh there is a rule on wazuh that detect the Brute Force so maybe that why you can't find it on the alerts as a suricata one .... it happens there is a way to point it to the suricata rule check here : https://groups.google.com/forum/m/?utm_medium=email&utm_source=footer#!msg/wazuh/kAhYgvM9CzA/otvbYJdRCAAJ

Rick Gutierrez

unread,
Oct 28, 2019, 7:00:34 PM10/28/19
to Miguel Martinez, Wazuh mailing list
El lun., 28 oct. 2019 a las 16:47, Miguel Martinez
(<miguel.a....@gmail.com>) escribió:
>
> Hi Rick
>
> Based on my experience no you don't have to use logstash if you don't want but is needed for geolocation ...

It is the only way?

>
> On the suricata side in the case of the ssh there is a rule on wazuh that detect the Brute Force so maybe that why you can't find it on the alerts as a suricata one .... it happens there is a way to point it to the suricata rule check here : https://groups.google.com/forum/m/?utm_medium=email&utm_source=footer#!msg/wazuh/kAhYgvM9CzA/otvbYJdRCAAJ

ok, I forgot to comment that the web and ssh attacks I see them in the
wazuh app, but they are the ones that it brings by default, Suricata
does not send the attacks it detects




--
rickygm

http://gnuforever.homelinux.com
web-attack.jpg

Miguel Martinez

unread,
Oct 28, 2019, 7:11:14 PM10/28/19
to Wazuh mailing list
It is the only way? that I don't know maybe a more experienced wazuh user can help us ......

On the alerts .... I had the same issue and that's how I fix it .... you can maybe try other attacks that are not default on wazuh so you can be sure that suricata can detect them .... I was about to send a hallmary to one of my client and on that way test as much of both suricata and wazuh but I've been short on time lately ....also you can disable the wazuh rule to make sure suricata can detect it " that's what I was planning "

Jose Luis Ruiz

unread,
Oct 28, 2019, 7:19:51 PM10/28/19
to Rick Gutierrez, Wazuh mailing list
hi rick, no idea about suricata but you can enable geoip in filebeats



output.elasticsearch:
  hosts: ["localhost:9200"]
  pipeline: geoip-info
On Oct 28, 2019, at 11:31 PM, Rick Gutierrez <xserve...@gmail.com> wrote:

Hi list , I am trying to detect attacks on my servers connected to my
--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAL_GE3TJ_wmjMr9XHEeFoC%3DEJUqxodquA4y%3D-_JMMXHJsDsY0Q%40mail.gmail.com.
<suricata-log.jpg>

Rick Gutierrez

unread,
Oct 28, 2019, 7:29:06 PM10/28/19
to Miguel Martinez, Wazuh mailing list
El lun., 28 oct. 2019 a las 17:11, Miguel Martinez
(<miguel.a....@gmail.com>) escribió:
>
> It is the only way? that I don't know maybe a more experienced wazuh user can help us ......
>
> On the alerts .... I had the same issue and that's how I fix it .... you can maybe try other attacks that are not default on wazuh so you can be sure that suricata can detect them .... I was about to send a hallmary to one of my client and on that way test as much of both suricata and wazuh but I've been short on time lately ....also you can disable the wazuh rule to make sure suricata can detect it " that's what I was planning "


Miguel thanks for the suggestion, only that this would be a half
solution, the idea is to have both flavors and what one does not
detect, the other does.


--
rickygm

http://gnuforever.homelinux.com

Miguel Martinez

unread,
Oct 28, 2019, 7:35:48 PM10/28/19
to Wazuh mailing list
No problem my suggestion was for testing purposes..... but seems like you don't want to prioritize the alert you want both of them to show I'm correct? ... in that case I can't be of much help lol...

Rick Gutierrez

unread,
Oct 28, 2019, 7:55:31 PM10/28/19
to Wazuh mailing list
El lun., 28 oct. 2019 a las 17:35, Miguel Martinez
(<miguel.a....@gmail.com>) escribió:
>
> No problem my suggestion was for testing purposes..... but seems like you don't want to prioritize the alert you want both of them to show I'm correct? ... in that case I can't be of much help lol...


I will try, with another type of attack and see how Suricata responds,
the other thing you mention to disable the rules by default I will
investigate, hopefully the wazuh guys say


--
rickygm

http://gnuforever.homelinux.com

Carlos Lopez

unread,
Oct 29, 2019, 3:24:41 AM10/29/19
to Rick Gutierrez, Wazuh mailing list
Good morning,

Regarding about GeoIP, you can compile Suricata with GEoIP support and you'll have geolocation on all Suricata alerts, Rick.

Regards,
C. L. Martinez


________________________________________
From: wa...@googlegroups.com <wa...@googlegroups.com> on behalf of Rick Gutierrez <xserve...@gmail.com>
Sent: 29 October 2019 00:55
Cc: Wazuh mailing list
Subject: Re: Suricata in wazuh does not detect attacks


--
rickygm

http://gnuforever.homelinux.com

--


You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAL_GE3Sftc9fvQPQ6EGnPA84AQeq%2BK%3DcfafUW1dmO-4oZtba9A%40mail.gmail.com.

Rick Gutierrez

unread,
Oct 30, 2019, 1:43:40 PM10/30/19
to Carlos Lopez, Wazuh mailing list
El mar., 29 oct. 2019 a las 1:24, Carlos Lopez (<clo...@outlook.com>) escribió:
>
> Good morning,
>
> Regarding about GeoIP, you can compile Suricata with GEoIP support and you'll have geolocation on all Suricata alerts, Rick.
>
>

Hi Carlos, install Suricata from rpm and I'm not sure if it brings
support with Geoip , I'm in the fight now, why? Suricata isn't
sending the log to wazuh app in kibana

any idea?

--
rickygm

http://gnuforever.homelinux.com

Carlos Lopez

unread,
Oct 31, 2019, 3:15:54 AM10/31/19
to Rick Gutierrez, Wazuh mailing list
Uhmm ... It will depend on which repository you have downloaded the package. My advice is to compile it.

But as a simple check, you can run "suricata --build-info" and you can see if GeoIP support is enabled.

Regards,
C. L. Martinez


________________________________________
From: Rick Gutierrez <xserve...@gmail.com>
Sent: 30 October 2019 18:43
To: Carlos Lopez


Cc: Wazuh mailing list
Subject: Re: Suricata in wazuh does not detect attacks

El mar., 29 oct. 2019 a las 1:24, Carlos Lopez (<clo...@outlook.com>) escribió:

Juan Davila

unread,
Nov 27, 2019, 8:29:10 PM11/27/19
to Wazuh mailing list
Hi,

Do you have one node or suricata is another node?

Have you set the ossec-server to read the logs from the location of the file where suricata logs are going. They could be going to /var/log/syslog or to the archives.json file in the server have you checked those files?

Have you searched in kibana? if you dont see them in Kibana but you see them in the log files of the server it could be a decoder issue.

Rick Gutierrez

unread,
Nov 27, 2019, 10:43:01 PM11/27/19
to Juan Davila, Wazuh mailing list
El mié., 27 nov. 2019 a las 19:29, Juan Davila
(<juan.i...@gmail.com>) escribió:
>
> Hi,
>

Hi Juan

> Do you have one node or suricata is another node?

one node , on the same server where I have installed wazuh with ELK

>
> Have you set the ossec-server to read the logs from the location of the file where suricata logs are going. They could be going to /var/log/syslog or to the archives.json file in the server have you checked those files?

yes , here I miss it is the following if I do an attack test on one of
my server where I have the wazuh agents, he detects the attacks
(wazuh), but not Suricata if I do an attack on the server where is elk
+ wazuh + Suricata if I see the Suricata attacks , I have the
centralized configuration in all the agents.

log of Suricata , this is an attack directly to the server wazuh + elk
+ Suricata :

11/09/2019-11:12:58.833814 [**] [1:2003068:7] ET SCAN Potential SSH
Scan OUTBOUND [**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} 192.168.11.14:19178 -> 192.168.11.2:22
11/27/2019-11:27:09.185856 [**] [1:2001219:20] ET SCAN Potential SSH
Scan [**] [Classification: Attempted Information Leak] [Priority: 2]
{TCP} 192.168.11.14:8582 -> 192.168.11.2:22
11/27/2019-11:27:09.185856 [**] [1:2003068:7] ET SCAN Potential SSH
Scan OUTBOUND [**] [Classification: Attempted Information Leak]
[Priority: 2] {TCP} 192.168.11.14:8582 -> 192.168.11.2:22

my configuration in centralized agents

cat /var/ossec/etc/shared/linux/agent.conf
<agent_config>
<localfile>
<log_format>json</log_format>
<location>/var/log/suricata/eve.json</location>
</localfile>
<wodle name="syscollector">
<disabled>no</disabled>
<interval>1h</interval>
<packages>yes</packages>
</wodle>

</agent_config>


look screenshot , wazuh detecting the attack on one of my web servers,
but not Suricata .


Any idea is welcome!







--
rickygm

http://gnuforever.homelinux.com
Captura de Pantalla 2019-11-27 a la(s) 9.40.24 p. m..png

Gergely Toth

unread,
Nov 28, 2019, 5:03:39 AM11/28/19
to Rick Gutierrez, Juan Davila, Wazuh mailing list
I have exactly the same issue.
The suricata recognize the attack and put it to eve.json but the wazuh doesnt show it.
I followed the guide here:

Gergely

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/CAL_GE3Q8PcAv6A0j7zttF%3D7%2BE8xNWtEi2pSMMkr3emp1m3hO7A%40mail.gmail.com.


--
Regards,

Gergely 

Gergely Toth

unread,
Nov 28, 2019, 9:00:40 AM11/28/19
to Rick Gutierrez, Juan Davila, Wazuh mailing list
Maybe need to make a new suricata eve.json parser. Or checking the different field.
I think in the default suricata parser not monitoring the 
"alerted": true
Field.

Only the event type but in my case the event type is flow
<rule id="86600" level="4">
  <decoded_as>json</decoded_as>
  <field name="timestamp">\.+</field>
  <field name="event_type">\.+</field>
  <description>Suricata messages.</description>
</rule>

Regards,
Gergely 
--
Regards,

Gergely 

Gergely Toth

unread,
Nov 29, 2019, 7:48:47 AM11/29/19
to Rick Gutierrez, Juan Davila, Wazuh mailing list
Hello,

I start troubleshooting the suricata alerts and looks the wazuh recognize only if the "event_type":"alert" like in the example.
the problem is if the event type is "flow" or "tcp". In this case the "event_type" is not "alert". In this case the "alerted" field is true.
I dont knwo why the suricata is working as it is maybe its a config think. 
Can someone help me to find the answer?

Gergely
--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Nov 29, 2019, 8:07:05 AM11/29/19
to Wazuh mailing list
Hi Gergely, 

Suricata rules in Wazuh Manager are stopping anything that is not an alert event_type by default. 
I think you should check wazuh Suricata rules and enable or modify the needed  event_types.


Did you review it?  did you try to add a flow rule? 

    <rule id="86605" level="3">
        <if_sid>86600</if_sid>
        <field name="event_type">^flow$</field>
        <description>Suricata: FLOW.</description>
        <options>no_full_log</options>
    </rule>



Best regards, 
jose antonio izquierdo 
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

Gergely Toth

unread,
Nov 29, 2019, 8:14:11 AM11/29/19
to jose antonio izquierdo lopez, Wazuh mailing list
Hello Jose Antonio,

No I didnt try to add the flow rule because I dont know exactly what can happen?
If I add the rule what you mentioned below will I get an alarm on every event_type flow?

But I would like to get an alarm IF the event_type is flow/tcp... AND "alerted":true . Like this sample

{"timestamp":"2019-11-20T13:04:13.000623+0000","flow_id":1392837385050004,"event_type":"flow","src_ip":"192.168.36.58","src_port":53446,"dest_ip":"192.168.36.59","dest_port":80,"proto":"TCP","app_proto":"http","flow":{"pkts_toserver":5,"pkts_toclient":5,"bytes_toserver":403,"bytes_toclient":526,"start":"2019-11-20T13:03:12.055188+0000","end":"2019-11-20T13:03:12.059622+0000","age":0,"state":"closed","reason":"timeout","alerted":true},"metadata":{"flowbits":["http.dottedquadhost"]},"tcp":{"tcp_flags":"1b","tcp_flags_ts":"1b","tcp_flags_tc":"1b","syn":true,"fin":true,"psh":true,"ack":true,"state":"closed"}}

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/27494efe-833e-458d-bb4c-944abb62d255%40googlegroups.com.


--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Nov 29, 2019, 8:26:02 AM11/29/19
to Wazuh mailing list
Hi Gergely,

Maybe one of these will work

    <rule id="86605" level="3">
        <if_sid>86600</if_sid>
        <field name="event_type">^flow$</field>
        <field name="flow.alerted">true</field>
        <description>Suricata: FLOW.</description>
        <options>no_full_log</options>
    </rule>



    <rule id="86605" level="3">
        <if_sid>86600</if_sid>
        <field name="event_type">^flow$</field>
        <match>\palerted\p\ptrue</field>
        <description>Suricata: FLOW.</description>
        <options>no_full_log</options>
    </rule>

Best regards, 
jose antonio izquierdo 


To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Nov 29, 2019, 12:07:17 PM11/29/19
to Wazuh mailing list
Hi Gergely, 

did it work? 

Best regards, 
jose antonio izquierdo 




Gergely Toth

unread,
Dec 2, 2019, 6:45:00 AM12/2/19
to jose antonio izquierdo lopez, Wazuh mailing list
Hello Jose,

So , Looks the problem is somewhere is wazuh. The Suricata detects the attack but
The wazuh is always override the current alarm.
So thats why I cant see the alerts. Just only one.

Im looking for how to change this behavior in wazuh. Idea?

Gergely

On Mon, Dec 2, 2019 at 10:22 AM Gergely Toth <gergel...@unifiedpost.com> wrote:
Hello Jose,

The situation is really strange for me. Im tested it in our test environment and yes this rule worked for me.

    <rule id="86605" level="3">
        <if_sid>86600</if_sid>
        <field name="event_type">^flow$</field>
        <match>\palerted\p\ptrue</match>
        <description>Suricata: FLOW.</description>
        <options>no_full_log</options>
    </rule>

but I got a new suricata alerts for the same checks before the flow. So looks something was wrong on my wazuh changes.
TOday I will going to check in our prod env and will see. The full truth is, we have many wazuh related fine tune in our env since my first error.

I will come back with my results in 1-2 days

Gergely

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/6883e185-5490-4081-825b-db7258979c5b%40googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 

Gergely Toth

unread,
Dec 2, 2019, 7:05:43 AM12/2/19
to jose antonio izquierdo lopez, Wazuh mailing list
Hello Jose, 

Maybe something missing form my Suricata config?

- eve-log:
    enabled: true
    filetype: regular
    filename: eve.json
    rotate-interval: 2h
    types:
    - alert:
        http: true
        tls: true
        ssh: true
        smtp: true
        dnp3: true
        tagged-packets: true

--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Dec 2, 2019, 7:13:45 AM12/2/19
to Wazuh mailing list
Hi Gergely, 

Are we talking about the flow alerted-true one? 
Do you see the logline in the eve.json file? 

If not, maybe, there can be a Suricata configuration problem. 
If yes, then your rule should do the work or we need to change/adjust the rule.


Best regards, 
jose antonio izquierdo 

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

Gergely Toth

unread,
Dec 2, 2019, 7:24:36 AM12/2/19
to jose antonio izquierdo lopez, Wazuh mailing list
Hello Jose,

So, Looks the flow alerted-true related rule is not needed anymore. This part is working with the default setup mentioned on this link
I was on a wrong way

Today I ran an internal vulnerability scanning in our production environment and the alerts are arrived in the eve.json file.
The wazuh parsed the logs. And showed the alarms.
BUT
Its showing only 1 alarm. Only the current one. When the next alarm came only the new one is visible. If I change the time in kibana
and check Wazuh/Overview/Security events its showing only the last wan as an only one alert.
Like I said I had a "Suricata: Alert - ET DOS Possible SSDP Amplification Scan in Progress" alert for 2 mins
because the next alert what was "Suricata: Alert - ET USER_AGENTS Go HTTP Client User-Agent" overrode the alarm.
In the next I tried to change the time slot from 15 mins to 30 mins because my suspicious was to im out of the time slot but it doesnt helped.
I have only the second alam is reachable from the wazuh overview.

If  go to Kibana/Discover and filter to the certain time I can see the the different alerts alerts. So looks the wazuh not make a difference between the alerts and 
if a new alert came. It will show only that one.
All time the 86601 rule has been hit.



Gergely

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/32b7892f-04c0-4d64-8bc3-bb632105494c%40googlegroups.com.


--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Dec 2, 2019, 7:40:46 AM12/2/19
to Wazuh mailing list
Hi Gergely,

So it looks like you disagree with the filter way wazuh kibana plugin does show the alerts in security events view or even there is a filter issue with it. As this view is for all alerts I must suggest trying a more detailed Suricata alert dashboard like:

Screenshot 2019-08-05 at 06.23.46.png

This kind of dashboard will provide detailed info about all your Suricata alerts. 



Best regards, 
jose antonio izquierdo 

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 

jose antonio izquierdo lopez

unread,
Dec 2, 2019, 8:09:49 AM12/2/19
to Wazuh mailing list
Hi Gergely,

So it looks like you disagree with the filter way wazuh kibana plugin does show the alerts in security events view or even there is a filter issue with it. As this view is for all alerts I must suggest trying a more detailed Suricata alert dashboard like:

Screenshot 2019-08-05 at 06.23.46.png

This kind of dashboard will provide detailed info about all your Suricata alerts. 



Best regards, 
jose antonio izquierdo 

To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 


--
Regards,

Gergely 


--
Regards,

Gergely 

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+unsubscribe@googlegroups.com.


--
Regards,

Gergely 
Reply all
Reply to author
Forward
0 new messages