Wazuh | Mailing List

Hi Anand, The core issue appears to be that, in the Docker deployment, the Wazuh agent (or the

Hello, good day everyone. Please some help here? On Wednesday, 6 May 2026 at 11:48:30 UTC Alara Joel

Hi German, I tested this on my side and experienced the same issue. To resolve it, follow the steps

Hello, That rule, 100034, will trigger when it sees 5 events in 1 second as it should per what you

Hi, Your questions cover several broad topics, so to improve communication and help you more

Hello, After evaluating the issue, I noticed you added the permission: indices:data/write/delete to

Hi, any luck finding a solution? I've ended up filtering that type of events, although it's

Hi Sergio, Wazuh components are easily scalable. You can easily add more Wazuh Manager or indexer

Hello, Were you able to check what was mentioned earlier? Feel free to ask me if the issue is still

Hello Samson, I have attached the required screenshots—please review them. Additionally, I configured

To determine if Wazuh is dropping events, monitor these files on the Wazuh manager. /var/ossec/var/

Hi Bony, I have configured the email alerts as suggested, and they are working fine. Currently, the

Hi David, Review the <indexer> configuration block in ossec.conf based on this doc. Wazuh

Hi Emar, You cannot see more than the top 5 field values when you hover over a field on the left side

Hello Emarf, What you are trying to do I believe depends on how the file was detected. Wazuh FIM logs

Follow these steps to configure the FIM for the W drive in real time. Run PowerShell as an

Hello, Yes, Wazuh can alert on both. For failed logon attempts: Wazuh has a built-in rule ID 18106

Hi, The MITRE ATT&CK dashboard not showing data may be related to a field mapping issue. First,

Hello Thank for guidance now i have increase the heap size 2GB to 4GB and now i am able to export 30

Hello Nazmur Thanks for clerification. On Thursday, May 7, 2026 at 11:19:03 AM UTC+5:30 Md. Nazmur

Hi Bobrov Yes, your configuration looks correct. After starting the services, please validate the

The username or password will be your indexer user password. You can use the user admin and the admin

Thank you very much for your help. Now the field "data.aws.timestamp" has been changed to

Hello Chris, Great investigation and thank you for sharing your findings and recommendations. Regards

Hello Gabriel, The main issue is that your Wazuh Dashboard is failing to start because it cannot find

Hi Jones, After testing the different MaxMind databases, I can confirm that the geolocation showing

Hello, This depends on the type of logs you wish to present. By default, Wazuh provides custom

i want groups and users to be displayed in the inventory data section for each agent, i've tried

Hi Olamilekan, Somehow I missed this message. Thanks so much for the help. I will look into it and

It seems like the Alert rule.groups names are different from what we initially configured. We were