Logs in Archives But No alerts

[Milene Hadil BEDOUHENE]

Dear Wazuh Support Team,

I hope you are doing well.

I am writing to report an issue with my Wazuh server. I have configured it properly and also integrated both Zeek and Suricata into my environment. I created several rules using Zeek, and they are working perfectly.

However, I am currently trying to use Sysmon to generate alerts when a port scan is performed. I can see the logs in archives.json, but no alerts are being generated in alerts.json.

In the dashboard, I am receiving alerts generated by the default Wazuh rules, but none of my custom alerts appear. I am also using Filebeat in my setup.

Thank you for your support.

Best regards,