Questions tagged [wazuh]

93 questions
0 votes, 1 answer

View agent 000 in Wazuh dashboard views

When I run "/var/ossec/bin/agent_control -l" I see an agent with id 000. ID: 000, Name: org1 (server), IP: 127.0.0.1, Active/Local However, this agent is not available in the wazuh dashboard. If I go to the "events" view, I can see the alerts from…
user2782001
0 votes, 0 answers

Graylog to Wazuh

I already have a graylog service that collects my logs, but I'd like to extend it with wazuh. I have the free version of both, so the graylog data I can send is in gelf format only. My question is: "How can I send data from graylog, in GELF format,…
0 votes, 0 answers

Kibana Fails to Start after upgrading to 7.17

Kibana service not working after upgrading to new version. Tried a lot of things but it's not working. Firstly I did the all-in-one deployment of installing wazuh with elasticsearch, wazuh manager, wazuh server, filebeat…
Code city
0 votes, 1 answer

How to use curl to create a json payload so that wazuh acts on an agentless system

I have a wazuh manager running on debian that receives logs from a mikrotik router. When someone fails 5 times trying to log in the router, it sends an alert to the manager that will act on said alert by adding the IP that tried to login to an…
0 votes, 1 answer

wazuh, alert via email if no alert logged for 1 hour

I need to send an email if the fortigate firewall does not send a log to Wazuh for an hour. I tried some rules that ChatGPT generated but always end up with errors. The rule I used:
0 votes, 2 answers

how to get the ip address of Wazuh manager OVA file in vmware workstation

I have used the Wazuh OVA file in VirtualBox without any problem. But when I launch the Wazuh OVA file in VMware Workstation and try to know the IP address by typing ip addr I get this --- Can anyone help me understand where or what the IP address…
0 votes, 0 answers

Configuring wazuh rule to alert modsecurity events

I have a problem with creating rules with Wazuh, I want to monitor mod security events in the Apache logs, and I want Wazuh to alert every time mod security blocks an attack. There are predefined rules for that, and I included the log source, but I…
0 votes, 1 answer

WAZUH server 4.2.7 not generating the logs

I set up a wazuh server 4.2.7 but after installing that I am facing an issue regarding logs because my server is not generating the logs of the last 24 hours. Please respond as soon as possible
0 votes, 1 answer

Wazuh Quick Start

I'm trying to install wazuh and I keep getting this error. 04/05/2023 13:42:25 INFO: Starting Wazuh installation assistant. Wazuh version: 4.4.1 04/05/2023 13:42:25 INFO: Verbose logging redirected to /var/log/wazuh-install.log 04/05/2023 13:42:25…
SlingShot
0 votes, 1 answer

wazuh-logtest able to decode the mariadb log but no decoder in archive.json file for the same log

I am trying to push logs from cloudwatch to my wazuh, I added following configurations to my ossec.conf file and restarted, but I was not seeing the logs in Wazuh Dashboard (Kibana) no
karmendra
0 votes, 1 answer

Writing wazuh/ossec rules for windows eventchannel

I have been trying to get started with writing custom rules for wazuh and cannot seem to get my rules to fire. In ossec.conf I have both the default ruleset path and the user defined path set to etc/rules etc/rules And in…
Lauri
0 votes, 0 answers

Does the wazuh disabled file have any impact on the system?

Does disabling the default wazuh decoder file in ossec.conf affect the wazuh API or wazuh operation, and does the same apply to rulebase files? I tried adding a label to disable the default decoder in the ossec.conf file, found that the system was…
0 votes, 1 answer

How can I use the Wazuh 4.3 API or interface to retrieve log information from the /var/ossec/logs/alerts directory?

How can I use the Wazuh 4.3 API or interface to retrieve log information from the /var/ossec/logs/alerts directory? After reviewing the official documentation, I found that calling https://192.168.186.134:55000/manager/logs did not retrieve the…
julylies
0 votes, 1 answer

Wazuh4.3 Api sent a post request to modify the role error

I am using the Wazuh4.3 API to modify the user role using a post request, but it returns the Missing query parameter 'role to me_ Ids. Could you please tell me how to solve it? I have checked the official latest documentation, but I have not found a…
julylies