Wazuh | Mailing List
Welcome to Wazuh mailing list. Our team will be happy to answer and help with all your questions.
We look forward to your feedback and contributions.
David Adonis
2:45 AM
Matching Rule Issue
Intention: - I am monitoring network traffic on my OpenWRT firewall. I use the nlbwmon package to
David Adonis, Olamilekan Abdullateef Ajani
7
Oct 18
Locating decoder syscheck_registry_key_added
Why can't I use "field name="syscheck.path"" to match and extract the value
Ahmad Shahabi, Olamilekan Abdullateef Ajani
8
Oct 18
How can I monitor the Wazuh Manager itself using Wazuh?
Thank you for your response. I followed your guidance for the cluster setup and was able to see the
Subash Ponnuswamy, Dennis Ariel Gamboa Veliz
4
Oct 18
Re: Archive Logs not visible in dashboard
Hi Dennis, This seems odd. One of the agents running in a Mac Studio has sent a large number of logs
M V, Parash Mani Kafle
5
Oct 17
logcollector: log lines may be lost
Thank you, Parash, for your continued help. My responses can be found inline below. On Fri, Oct 17,
Michael Tibbs, lucas....@wazuh.com
4
Oct 17
User login failure with correct password (web UI)
Thanks for the logs! A couple of checks that could get us closer to identifying the issue: Try the
Álvaro Boza Hurtado, diego...@wazuh.com
6
Oct 17
Sending Keycloak logs to Wazuh
Hi Álvaro, Great! Now that logs are being collected, you need to create custom rules to generate
Paul, jorge....@wazuh.com
6
Oct 17
IPv6 Address range in CDB List
Hi Paul, I have talked with my colleagues to know if we have it in the roadmap, they have confirmed
PD, Bony V John
3
Oct 17
Rule
Hi, For Windows Event Channel logs, Wazuh uses a built-in decoder, which you won't see in the
Brenno Garcia, Bony V John
5
Oct 17
Wazuh Custom Fields?
Hi, I understand your point. Based on the shared log and decoder, I have replicated the scenario on
Alex Nevsen, Leonardo López
2
Oct 16
[CTI] Rate Limits, Query Params, Batch Requests, and Request Intervals
Hello Alex, We are consulting the CTI team to provide you the information. Sorry for the delay. Thanks! On
Riccardo Olivetto, … Luciano Valinotti
4
Oct 16
Modify Full log
Hi Riccardo As the article you referred to shows, the 'chatgpt_response' field visible in the
Isaac, Bony V John
4
Oct 16
Custom dashboard for SCA - wazuh-dashboard plugin
Hello Bony Thank you for your response. I will check Wazuh API documentation and work in a
Smiljan Veber, Olamilekan Abdullateef Ajani
2
Oct 16
Rsyslog central server -> forward logs to wazuh
Hello, The reason why the agent did not capture any log is because of the way you have defined the
YIMMY ALEJANDRO DUQUE SALAZAR
Oct 16
Wazuh and Sophos
Has anyone connected Wazuh to Sophos Firewall so that the IP it detects is added to a Sophos IP host
Brenno Garcia, Juan Felipe González Ortiz
9
Oct 16
Predecoder Hostname field
Hi! Yes, that approach works. By adding the hostname to the log and creating a custom decoder to
German DiCasas, Olamilekan Abdullateef Ajani
4
Oct 16
if_sid and if_matched_sid
Hello German, Yes, that is correct. Rule 300002 will trigger upon successful login after failed ones.
Szymon, Fabian Ruiz
10
Oct 16
Wazuh Dashboard Server is not ready yet
Hi In this previous message, we can see that an exception was thrown, but we don't have much
Krishna Prasad Bhandary, Bony V John
5
Oct 16
Unable to monitor Docker containers
Hi, I was able to solve the issue by prompting with Claude. I realized the main issue was I had not
Julian Jorge, Enrique Araque Espinosa
4
Oct 16
Docker Upgrade 4.13.1
After upgrading the Docker cluster from version 4.10.1 to 4.13.1, I was able to complete the process
Joaquim António, jesusd...@wazuh.com
6
Oct 16
CDB rule matches with everything
Hello, To give an update, using lookup="match_key_value" works. Here is the working rule:
Bob Barrett, Stuti Gupta
7
Oct 16
Wazuh Keycloak SAML
Hi Bob When a role mapping is marked as reserved: true, it cannot be modified by users and sometimes
Gokul Suresh, Manuel Jose Cano Rojo
4
Oct 16
Index Mapping Issue
Hi Gokul, The same principle applies to other data sources as well. Even if a particular data source
Cosmin Popa, Ian Yenien Serrano
3
Oct 16
Multi-site implementation
Hello, This is the current opensearch_dashboards.yml file from my Server1 - which has the wazuh-
Mikayel Mikayelyan, Md. Nazmur Sakib
6
Oct 16
Cisco Firepower SF-IMS syslog
You can use sibling decoders. Sibling decoders refer to a decoder building strategy where multiple
Alen Mustafic, Franco Giovanolli
5
Oct 15
Event Log Service Shutdown(Event ID 1100) not present in Wazuh logs
Hi Alen, Sorry for the delay. The development team has reported the following: This case may be
Anastasia Bataeva, Carlos Anguita López
4
Oct 15
MITRE ATT&CK
Hello, It is important that you share more content from ossec.log as I need to see the error you are
MaP, Olamilekan Abdullateef Ajani
4
Oct 15
Syslog-Forwarding: wazuh-csyslogd ERROR date or location not NULL or p is NULL
Hello Map, I think we have been able to isolate the issue and this seems to have been an ongoing case
pdnb, Luis Enrique Chico Capistrano
15
Oct 15
IT Hygiene
Luis, now issue was cookies - cleaning related to wazuh solve problem. Thank for your help! środa,
jernej65, Md. Nazmur Sakib
3
Oct 15
Missing CVE with vulnerability detector
Oh, thank you for your explanation. It's more clear now, why I don't see the CVE. Thank you