Questions tagged [wazuh]

93 questions

votes

1 answer

Wazuh - Filebeat - Elasticsearch non-zero metrics

Could you please help me solve this Filebeat error? Its Wazuh manager server. All is working, I can connect to Kibana web, enter Wazuh app and I can see there my three Wazuh agents connected and active. I want FIM monitoring nad If I change file on…

asked Feb 04 '22 at 08:56

user17982848

votes

1 answer

In Wazuh, the rule.level for powershell is different from alerts.json

I have a powershell rule in /var/ossec/etc/rules/local_rules.xml The rule is: sysmon_event1 \\powershell.exe||\\.ps1||\\.ps2 …

wazuh

asked Feb 02 '22 at 13:11

muyuka

votes

2 answers

KIBANA - WAZUH pattern index

I have a project to install wazuh as FIM on linux, AIX and windows. I managed to install Manager and all agents on all systems and I can see all three connected on the Kibana web as agents. I created test file on the linux agent and I can find it…

indexing design-patterns kibana field wazuh

asked Jan 27 '22 at 09:37

user17982848

votes

1 answer

FileNotFoundError: [Errno2]: No Such file or directory:

I am trying to make a server hardening script for my work, part of it is to install wazuh-agent on the servers that will be connected to a SIEM manager. The script has 2 parts, one where it adds the repo entry - that works fine. The second part…

python scripting centos wazuh hardening

asked Jan 01 '22 at 17:47

hj-

votes

1 answer

Could I change the UI of wazuh app by replacing Kibana with my own UI?

I'm trying to replace Kibana with my own custom UI and use it with wazuh app...is that possible? and how? I build my UI and try to look for the endpoint that's Kibana call to fetch the data but its very hard to locates them and I think Kibana makes…

kibana wazuh

asked Dec 11 '21 at 11:57

Jaf Dev

votes

1 answer

wazuh-kibana-app not running development server

i want to run a local development server for wazuh-kibana-app, so i can modify the application's ui .. but every time i try to run the development server using "npm start" i get an error with response : **> wazuh@4.2.4 start > plugin-helpers…

localhost kibana web-development-server wazuh

asked Nov 17 '21 at 07:53

Joe Barbaro

votes

1 answer

Wazuh child decoder not parsing field correctly

I am trying to parse a log as shown below with a child decoder in wazuh 4.x, for some reason its not parsing the needed field Log entry ossec: output: 'domainjoin-cli query|grep -i Domain': Domain = mydomain.local Child Decoder

ossec wazuh

asked Nov 04 '21 at 04:06

Atul

votes

1 answer

OSSEC Agent -- Capturing hourly logs

I have an issue with capturing exchange logs from a customer production environment. The logs exist in a set of directories, and are labeled such as: -- .../dir1/http_2021101002-1.log -- .../dir1/http_2021101003-1.log --…

ossec wazuh

asked Oct 18 '21 at 19:35

Lyle Reger

votes

1 answer

Plugin-helpers not found in wazuh-kibana-app

I have cloned the Wazuh-Kibana-app source code from https://github.com/wazuh/wazuh-kibana-app I have made some changes in the styling. So, i am making build of the app by running npm run build but i am getting this error Command "plugin-helpers"…

plugins kibana wazuh kibana-plugin

asked Sep 19 '21 at 22:55

Zeeshan Ahmed Sarwar

votes

1 answer

SSL conf for Wazuh integration

how can I specify ca-cert or disable SSL verification when setup Slack integration in Wazuh? I can`t see any directive for this in docs (https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/integration.html)

wazuh

asked Aug 09 '21 at 12:45

Kobalelovx

votes

1 answer

Wazuh custom rules for command monitoring

I am struggling to write a custom wazuh rule in order to send alert when specific commands are written (powershell and bash). Can anyone help me? Thanks in advance!

wazuh

asked Jul 27 '21 at 20:20

user16540540

votes

1 answer

wazuh manager - wazuh-db won't start

I am running Wazuh 4.1.5 and installing only the Wazuh manager on a Debian 10 box. Starting Wazuh leads to the error message wazuh-db did not start correctly And that is it. Is there a debug mode for the logging? My client is using Wazuh manager…

ossec wazuh

asked Jul 15 '21 at 16:43

user1309220

votes

1 answer

Configurations for Anomaly Detection Kibana plugin

I'm trying to set up the anomaly detection for opendistro elasticsearch. On their official website, they have the documentation that explains how to set it up.…

elasticsearch kibana anomaly-detection elasticsearch-opendistro wazuh

asked Jun 14 '21 at 16:49

John

votes

1 answer

upgrading from ossec to wazuh - "local/standalone" mode?

I am currently running ossec 3.6 in local mode and forwarding data to Splunk. I cannot seem to find something similar in wazuh - am I missing something? We really don't want to have a manager as all our data goes to Splunk anyway. We'd like to…

splunk ossec wazuh

asked Jun 04 '21 at 11:57

user1309220

votes

1 answer

Tips to Resolve "No living connection " on starting kibana in windows

''' \log [13:36:52.255] [warning][admin][elasticsearch] Unable to revive connection: http://localhost:9200/ log [13:36:52.277] [warning][admin][elasticsearch] No living connections log [13:36:52.279] [warning][task_manager] PollError No Living…

elasticsearch kibana elk wazuh

asked Mar 24 '21 at 07:49

Oshin aggrawal

Prev 1 2 3 4

6 7 Next