Thanks !!

So nice of you

Thanks for your comments !!

Glad to hear that

In this case there will be a different approach. Here we have to Auto search host and then monitor those. We don't have to add them maually.

For the agent having dynamic ip's, when you register an agent on wazuh manager - instead on mention ip address you can mention "any". This will solve your problem.

@@UpBrightSkills also if we have a written set of code n we want to implement the same for look n feel on kibana but when we paste on JSON (under advance settings) we get some error like heavy file n takes me to the kibana dashboard how to fix that any idea??

Just, restart elasticsearch service using this command - service elasticsearch restart (this will solve your problem)

That i also need to check buddy, will check and get back to you.

Hi Manoj M.M. I hope you are doing fine! Unfortunately only you can customize the title of the Wazuh automatic reports, configuration section options are: * Filtering configuration by: group, category, rule, level, location, srcip, user * You can customize: title and email_to * An option to include full log with the report: showlogs Let me know if that is useful! Regards.

Thanks!

Thanks for inputs !! Refer to this video for alert setup. One more video coming this sunday for intergity monitoring. kzfaq.info/get/bejne/jK5hl6WFys3GoGg.html

Removing agent can be done from CLI, once removed from CLI it will also get removed from UI.

It should detect ip automatically if dhcp is available if not then you can manually assign the ip address.

You're welcome!

@@UpBrightSkills wazuh documentations link give me please

Here is the link - documentation.wazuh.com/4.0/user-manual/

Follow this to run openscap for ubuntu, there are several policy already present in wazuh to scan your debian systems. documentation.wazuh.com/3.12/user-manual/capabilities/policy-monitoring/openscap/how-it-works.html?highlight=openscap%20ubuntu

@@UpBrightSkills I have ubuntu 20.04 . So will it work on the new version?

It should work on latest version too !!

Pls check elastic search service

did you find it?#

Welcome

Hi, To monitor network devices, you can use syslog to forward events from them to the Wazuh Manager. The procedure basically consists in: 1. Adding the syslog configuration to the Manager and restart the wazuh-manager service. 2. Enable syslog in data source. 3. Add custom decoders/rules. You can find the complete procedure documented here: wazuh.com/blog/how-to-configure-rsyslog-client-to-send-events-to-wazuh/ and there's additional information here: documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/how-it-works.html#remote-syslog. Also, in case you need to create decoders/rules (most probably), you can find information for this here: documentation.wazuh.com/current/user-manual/ruleset/getting-started.html documentation.wazuh.com/current/user-manual/ruleset/custom.html documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/decoders.html documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/rules.html I hope it helps. Best regards.

Check elastic search service. That must be stopped or taking time to start.

@@UpBrightSkills yes tried that it worked but later stoped again. And now facing problem in agent connection. Hopefully it will be solved. And thank you for the video and replying.

Hello. To collect Snort logs, edit ossec.conf and add snort-full as a new log format and your Snort log path as the location for it. Restart your Wazuh agent and it will start reading the logs. To integrate Suricata with Wazuh read "Catch suspicious network traffic" and "Network IDS integration" in Wazuh's documentation. Join the Wazuh community to get more help.

Yes u can monitor aws servers too

@@UpBrightSkills how to add into my wazuh which is in my localhost? To find the logs and so on?

Not getting ip means ? You are not getting ip for accessing wazuh portal ? If yes, then kindly check your dhcp server amd connectivity to that or elae you can configure static ip address.

@Belen V when I restart wazhu manager. Wazhu dashboard restart manual. How to overcome that

Check your elasticsearch service. If that service is not running then you get such error.

@@UpBrightSkills how to check

service elasticsearch status | service elasticsearch restart. These are the 2 commands which you can use to check the status of service and to start the service

Hi, The message "Kibana server is not ready yet" usually appears when you just started Kibana. If this is not the case, it can also be caused by the following errors: - Your service or Kibana configuration has some error that causes it to constantly reboot. - Your elasticsearch service is not up or has some error. - Resources are insufficient. I recommend that at least to host the elasticsearch and kibana service, you should dedicate 4 GB of RAM and 2 CPU cores. If you have just started the kibana service, please wait a few minutes and try again. If this is not the case, then you will have to check the status of the elasticsearch and kibana services. Also check if the hardware resources are sufficient. Check the status of the Kibana service systemctl status kibana -l Check the kibana logs journalctl -u kibana | egrep -i "error" Check the status of the Elasticsearch service systemctl status elasticsearch -l Check the elasticsearch logs egrep -i "error" /var/log/elasticsearch/elasticsearch.log Best regards, Pedro Nicolas

wazuh | wazuh