Wazuh | Mailing List

Hello, The reason your rules did not work is because you are linking two different rules to the same

Hi Nicolai 1st I run: sudo wazuh-install.sh Once finished, I run as its mentioned in installation log

Hi, I didnt get any result for this command : curl -k -u <USER>:<PASSWORD> -XGET "

Hello. From what you mention, the error that appears in the logs is not related to WhatsApp events.

HI, there are any filter for that? Regards German El martes, 23 de diciembre de 2025 a las 13:13:21

Thank you again, Karlo. Per the logs mentioned in my original email, no errors appear in integration.

Hello, I hope you're well. There is an official Wazuh blog post that has come in handy in the

Hi Gokul: Before diving into a specific root cause, it would be helpful to gather more context about

Hello once again, Thank you for the feedback, I see the status from the dashboard shows running. I

Hi, The behavior you're experiencing is related to rule 92651, which is designed to detect remote

Thank you very much, I managed to get the integration working thanks to your help. El viernes, 26 de

Hello. Thank you for your quick answer, but it didn't help. i have }, "ClientIP": {

Hi, To trigger alerts when a USB device is disconnected, please follow the steps I shared in my

Hi Stuti, Thanks a lot for pointing me the right command (again). I did use that back in 2022, but I

As stated in the log, the message received by wazuh-remoted is too big for the buffer and is in an

Hi Hasitha, I already able to collect the log after i enable the Debug Logging and store the log at C

Hi Yogi, You want your Wazuh and Sysmon setup to generate alerts only for applications that you

Hi CIA, I have found a third-party resource that helps you to forward the logs to Wazuh. To listen to

Hi Baran, Since version 4.3, many changes have been introduced. I recommend that you take a look at

Hi The default decoder is decoding most of the fields, you can see in the image. Can you please let

Hello Prince, In order to execute the script on the agents, you need to add your custom active

Hi John, Sorry for the late reply. I'm glad to hear that the indexer issue has been resolved.

Hello Tengku, Can you explain your query in detail? Are you trying to filter out logs from triggering

Hello You cannot use multiple ports in the </port> section of the <remote> block. <

Hello Tengku, It seems to me the issue is with SMTP server name <smtp_server>smtp.office365.com

Hi, Do you still need assitance? Thanks, On Friday, December 19, 2025 at 1:51:27 PM UTC+8 Karlo

Hi Hasitha, I followed the document and updated the required details; however, I'm still unable

Hello Riccardo, I am glad to hear that it all works now. For the new use case you have shared, you

Hello EugenX, It looks like this alert is being triggered due to the sdbinst.exe utility, which is

Hello again. Not sure I follow this. The @timestamp field differs from the date of the log? This