Wazuh Server Offline Updates


Eric Vu

May 26, 2022, 7:03:56 AM
to Wazuh mailing list
Hello Team, 

I'm using the current version of Wazuh 4.3.1, and the manager has been installed on Ubuntu 20.4. My server has been put in a restricted zone. Therefore, it's only permitted to connect directly to the internet with a list of IPs or URLs instead of opening any.

As far as I understand, the Wazuh Server needs to connect to the internet for the modules below.
  • Vulnerability Detection
  • Threat Intelligence (VirusTotal Integration, etc.)
  • Update ruleset
[Question] 

  1. Can I get all of the URLs or IPs it needs to connect to on the internet? Are there any modules that need to be connected to the internet which I'm missing?
  2. If the Wazuh Server does not connect directly to the internet, is it possible to keep Vulnerability Detection, Threat Intelligence, Update ruleset, etc. updated to the latest version? Has anyone faced this situation, and what approach was taken?
Regards, 



Federico Pacher

May 26, 2022, 8:47:04 AM
to Wazuh mailing list
Hi Eric,

Thank you for using Wazuh.

In order to keep the Vulnerability Detection module up to date, here you have the official documentation, which explains and gives you all the URLs you need.
About the ruleset, since v4.2, Wazuh is delivered with the latest ruleset on each release. Manual update is no longer necessary or supported.
About threat intelligence, you need to be connected to the internet, since VirusTotal is an online service that analyzes files and URLs for the detection of viruses, worms, trojans, and other kinds of malicious content using antivirus engines and website scanners. VirusTotal also provides an API that allows access to the information generated by VirusTotal without needing to utilize the HTML website interface. This API is subject to its Terms of Service, which are briefly discussed here. There is no offline version of it, and the manager will need to be connected to the internet in order to send the information to VirusTotal.

I hope this information helps.
Regards

Eric

May 26, 2022, 9:50:59 PM
to Federico Pacher, Wazuh mailing list

Hi Federico,

Thank you for your email.

It's clear to me right now.

Regards,
