Wazuh Server | Security Check

[John Carry]

Dear Wazuh Team,

Is there way can monitor the security status and vulnerabilities of out the wazuh server itself ? I tried to find the logs for the wazuh server itself but no success.

Please share the method that would enable us to monitor and find the vulnerabilities of the wazuh server itself like we do normally for other agents...

Does it require to install wazuh agent on the wazuh server ?

[Anthony Faruna]

Hello John

Thank you for using Wazuh!

By default, the Wazuh server monitors itself. The manager includes an agent with ID: 000 when you install it. So you do not need to install the agent on the manager to achieve this.

Although the manager is not listed in the dashboard, you can run the below command with root privilege in your manager to view it:

/var/ossec/bin/agent_control -lc 

To check the server alerts, you need to go to Security events, Event section, and filter by agent.id:"000"

Vulnerability scanning is not enabled by default.  For you to see the vulnerability scanning report, you have to enable the module, which I think you already have. 

Next, you have to also enable the provider for the vulnerability feeds. We currently have support for the following distributions.

So if your server is installed on one of those distributions, kindly enable the provider, and you will be able to see the scanning report for the server. 

You can find more details on running vulnerability scanning here.

Best Regards

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/c946eb0a-e8ec-4cd6-8b4d-0203ed82b0f3n%40googlegroups.com.