Wazuh | Mailing List

Hi Yogi, You want your Wazuh and Sysmon setup to generate alerts only for applications that you

Hi CIA, I have found a third-party resource that helps you to forward the logs to Wazuh. To listen to

Hi Yap, It would be helpful if you could share sample JSON logs from the DNS Server logs. By default,

Hi Baran, Since version 4.3, many changes have been introduced. I recommend that you take a look at

Currently, the following tables are supported: https://learn.microsoft.com/en-us/azure/azure-monitor/

Hi The default decoder is decoding most of the fields, you can see in the image. Can you please let

Hello Prince, In order to execute the script on the agents, you need to add your custom active

Hi John, Sorry for the late reply. I'm glad to hear that the indexer issue has been resolved.

Hi John, Are you getting this error with the admin user or some other custom user you have created?

Hello Tengku, Can you explain your query in detail? Are you trying to filter out logs from triggering

Hello You cannot use multiple ports in the </port> section of the <remote> block. <

Hello Tengku, It seems to me the issue is with SMTP server name <smtp_server>smtp.office365.com

Hi, You already have <alert_format>json</alert_format>, so we need to check if alerts are

Hi, Do you still need assitance? Thanks, On Friday, December 19, 2025 at 1:51:27 PM UTC+8 Karlo

Hello, I need assistance with a task where a message should be displayed when a USB device is

Hi Hasitha, I followed the document and updated the required details; however, I'm still unable

Hello Riccardo, I am glad to hear that it all works now. For the new use case you have shared, you

Hello EugenX, It looks like this alert is being triggered due to the sdbinst.exe utility, which is

Hello again. Not sure I follow this. The @timestamp field differs from the date of the log? This

Hello Narasimha, To follow up on this, I found the blog below, which you can also use as a reference

I have a CVE that is CVE-2025-9086 over a Ubuntu 22.04.5 LTS (Jammy Jellyfish). Wazuh 4.14.1 show

Hi! Those warnings usually mean the manager cant find or read the list files from inside the

Hi, the ruler is not working as expected. It is still capturing the event of the rule 60204 even if

Hello, When you try to save a rule from the Wazuh GUI, Wazuh triggers a restart of the manager demons

Hello, The issue I see here is the XML file drilldown you did with the syscheck directory block. The

hello i dont have vulnerabilities.log file on wazuh manager somehow cat: /var/ossec/logs/

It seems that everything is back in order. CVE's from december security update has been detected

Hi, First, I will explain how vulnerability alerts are generated in Wazuh. The Vulnerability

Hi Robby, I've attached the GitHub link here so you can review the latest updates from the

Hi G Mail, Please let me know the update on this, so we can check further. On Sunday, December 21,