Wazuh | Mailing List

Additionally, if the indexes are being deleted manually from the dashboard, it would be advisable to

Hello Bilal, This is possible with the use of wazuh FIM with the aid of syscheck. When you have a

Hi Stuti Its an all in one environment , version 4.11.2 Output of the cluster health ----------------

Hi, most likely the poor performance is due to the users and groups issue. I'm going to set up an

Hello Felix, Based on my test, you should not get so many warnings and so much information from the

Hello, One way to do this is if you have a specific field in the alert that is commong to all or some

Hello Nazmur, I made the suggested changes and ran the indicated commands, these are the results of

Hi team, I have to integrate azure load balancer logs into wazuh for monitoring. I have to monitor

Thank you, Benjamin. I would like to close the ticket. On Wednesday, September 3, 2025 at 4:00:40 PM

Based on my findings at this moment, it is not possible to write sibling decoders for the Windows

Hi, Wazuh generates several internal log files, including alerts.log, archives.log, alerts.json, and

Hi, That configuration is performed in Suricata. Wazuh is now configured to receive the logs you

still the same issue I deployed the new wazuh instance but the issue remanis same Connected 50+

Mira que en la documentación que me mandas del quick start indica que se necesitan al menos 8 GB de

Did you have any luck with this? Were you able to install the agent? On Thursday, August 28, 2025 at

Hello Leonardo, Could you please share the complete alert, ensuring that any sensitive information is

Hello Lucas, I don't think that the issue is the bucket name, but try it if you can. Can you

Hello, If I understand you clearly, you mean the logs are not decoded properly. I feel the way you

Good afternoon! The problem is solved. I did not specify the parameters correctly when running the

Hello, There is no option to configure a "Close" in the Index Lifecycle Management. But

How can I avoid that the user login? I mean, How is the configuration to check only if the user is

Hi, Can you please share what exact you did to resolve above issue. On Thursday, June 5, 2025 at 3:41

I need a copy of your Docker Compose file to verify that the network communication between the pods

Hi If you want to stop those noisy ResourceDiscovered / ResourceDeleted events (rule IDs 80454 &

Hi Victor, Thanks for reporting this case — it can be very useful for the community to understand how

Hello Jorge, Please try the rule below and let me know if it meets your requirements. <rule id=

Miguel: I understand that, based on what you explained, the current approach might not fully fit your

Hello Nico, If you are aiming to ignore/silent event from the source IP of openVAS, you can simple

I had to change the plugins.security.system_indices.enabled parameter to false in /etc/wazuh-indexer/

To be more explicit i need for all users with role Administrators Pe luni, 1 septembrie 2025, la 12: