Wazuh | Mailing List

Hi all, I've recently set up Wazuh using Docker containers. I also have another application,

Hello, We're exploring the possibility of executing a command directly on a Wazuh agent via the

Hi Bony Thanks for reply. But , unfortunately, gmail cut the line showing rule. See below: line is

Hello, Is it possible for an active response to add an agent to a certain group for one hour? For

Hello, I did this : { "date_index_name": { "if": "ctx?.rule?.description ==

Thank you Stuti for your reply. I would like to know one more thing. Could you please specify which

HI There is an error " Document contains at least one immense term in field=\"

Not yet 😕. ___ Regards, SUMIT KUMAWAT On Mon, 8 Sept, 2025, 3:03 pm Julian Jorge, <julian.jorge.

Hi, You can refer to this document for creating a retention policy. Index lifecycle management helps

Hi George In this case, I recommend using a Wazuh CDB list to include all admin usernames. You can

Hi, NET STOP Wazuh --> service is not installed. msiexec.exe /x wazuh-agent-4.12.0-1.msi /qn ->

Hi Anand, It seems you're testing a log that has already been processed, most likely taken from

Hi Paulo I am glad that your issue has been resolved after removing 755 from the condition. On Sunday

Hi Bayu Sangkaya, Your children decoders should use the same name. For example, I have changed the

Hi Bony, Thanks for your earlier guidance — it helped a lot. I've confirmed that FortiGate logs

Hi Amin. Your proposed architecture sounds right for your environment. Running Wazuh on Kubernetes

Additionally, if the indexes are being deleted manually from the dashboard, it would be advisable to

Hello Bilal, This is possible with the use of wazuh FIM with the aid of syscheck. When you have a

Hi, most likely the poor performance is due to the users and groups issue. I'm going to set up an

Hello Felix, Based on my test, you should not get so many warnings and so much information from the

Hello, One way to do this is if you have a specific field in the alert that is commong to all or some

Hello Nazmur, I made the suggested changes and ran the indicated commands, these are the results of

Hi team, I have to integrate azure load balancer logs into wazuh for monitoring. I have to monitor

Thank you, Benjamin. I would like to close the ticket. On Wednesday, September 3, 2025 at 4:00:40 PM

Based on my findings at this moment, it is not possible to write sibling decoders for the Windows

Hi, Wazuh generates several internal log files, including alerts.log, archives.log, alerts.json, and

Hi, That configuration is performed in Suricata. Wazuh is now configured to receive the logs you

still the same issue I deployed the new wazuh instance but the issue remanis same Connected 50+

Mira que en la documentación que me mandas del quick start indica que se necesitan al menos 8 GB de

Did you have any luck with this? Were you able to install the agent? On Thursday, August 28, 2025 at