Hi Michael. Wazuh does integrate with VirusTotal and YARA to perform scans and detect malware. With this integration configured, it can run the scan immediately when a real-time FIM alert is triggered and remove malicious files using Active Response. You can learn more about using Wazuh with VirusTotal and YARA here: documentation.wazuh.com/current/user-manual/capabilities/virustotal-scan/index.html documentation.wazuh.com/current/user-manual/capabilities/active-response/ar-use-cases/removing-malware.html documentation.wazuh.com/current/user-manual/capabilities/active-response/ar-use-cases/wazuh-with-yara.html If you need community support, you can join our Slack community wazuh.com/community/join-us-on-slack/. Thank you.

Hi Bianca, It is possible that Kibana hasn't started correctly. You can execute "journalctl -ex -u kibana" in order to see if there is an error that could point us to the reason why it does not start correctly. I would love to invite you to our slack channel wazuh.com/community/join-us-on-slack/, and Google group groups.google.com/forum/#!forum/wazuh

The message “Kibana server is not ready yet” can be produced for one of the following reasons: - Your service or Kibana configuration has some error that causes it to constantly reboot. - Your elasticsearch service is not up or has some error. - Host resources are insufficient. I recommend that at least to host the elasticsearch and kibana service, you should dedicate at least 4 GB of RAM and 2 CPU cores. You will have to check the status of the elasticsearch and kibana services. Also check if the hardware resources are sufficient. Kibana - Check the status service: systemctl status kibana -l - Check the kibana logs journalctl -u kibana | egrep -i "error" Elasticsearch - Check the status service: systemctl status elasticsearch -l - Check the elasticsearch logs egrep -i "error" /var/log/elasticsearch/elasticsearch.log Please check if everything is OK.

@Javier Balmaceda Hey thanks for replying. Slack community helped me to get my issue resolved 😇

Hello The default user is admin and the default password is admin. If you want to change it, please check: documentation.wazuh.com/current/user-manual/elasticsearch/elastic_tuning.html

@@alberpilot thank you!

@Javier Balmaceda If I want to run on my system what should I do? And how can I run it? Can you please tell me?

Hi chunduru. Agents can be installed on different hosts each running their own OS. From that screen you will pick the command to install an agent but first you need to choose the OS of the machine where you want to install it. Then you will have to enter Wazuh server's IP address (run "ip addr" on the server to learn its IP). And lastly, as agents can be organized in groups, you can also choose a group for this agent. I hope I had answered your question.

Hi Adi Fauzi, I hope you are enjoying Wazuh! To make the Wazuh installation work from the OVA file using “NAT Network” instead of “Bridged Adapter” is very simple, once you import the VM with the default settings or the settings you specified, you will notice it is using the same LAN as your host machine (Bridged Adapter), you can attach it to a NAT Network following the steps below: 1. Create a “NAT Network” from File > Preferences > Network and click on the green icon that when hover says “Adds New NAT Network”. You can right click on it and select Edit NAT Network to see the Network CIDR 2. Right click on the Wazuh VM, select Settings, got to the option of “Network” and choose the NAT Network just created from the “Attached to” dropdown box list. There is something important to consider at this point if you use NAT Network in VirtualBox instead of a Bridged Adapter: - By default NAT Network does not allow connections from the outside, this means that your host machine will not be able to access the Wazuh Web Interface, unless you configure port forwarding for the NAT Network created. I will provide you with two options to connect to the Wazuh Web Interface: - Option 1: Create a Windows VM and attach it to the same NAT Network, you will be able to access the Web interface of Wazuh and when you want to add agents you can just attach them to the same NAT Network, you will keep everything isolated from your LAN - Option 2: Configure port forwarding, first get the IP address used by the Wazuh VM, then go to the settings of NAT Network and you will add a new port forwarding rule in the following way: Protocol: TCP, Host IP: 127.0.0.1, Host Port: Any port from 2000-65535, Guest IP: Wazuh VM IP, Guest Port: 443. Save this and you can access the Wazuh Web interface from your host machine, go to the browser and enter 127.0.0.1: Documentation about Virtual Networking in VirtualBox: www.virtualbox.org/manual/ch06.html I hope this address your question, happy to help here.

Hi chunduru. You will find login details in the file `/etc/filebeat/filebeat.yml`. The default username and password for the Wazuh deployment using the OVA image can also be found documented here documentation.wazuh.com/current/virtual-machine/virtual-machine.html. Notice that if using the older OVA image 4.1.5 you must switch to the 4.1 docs version. If you need community support you can join our Slack community wazuh.com/community/join-us-on-slack/. Thank you.

Hi houssem! One way to get the IPv4 address and see it in "inet" is to have the Virtual Machine network adapter attached to "Bridged Adapter" Here is what you have to do: 1. Keep the Wazuh virtual machine off 2. Right click on the virtual machine, click on settings, a pop up menu will appear 3. Click on Network, select in the dropdown of Adapter 1 Attached to: "Bridged Adapter" 4. Turn on the virtual machine 5. Enter the credentials and then the command ip addr, it should show an IPv4 address provided by the DHCP server from your modem/router Current documentation about deployment using OVA: documentation.wazuh.com/current/deployment-options/virtual-machine/virtual-machine.html Documentation about Virtual Networking in VirtualBox: www.virtualbox.org/manual/ch06.html Please, let us know if this addresses the issue.

Hi! The message "Kibana server is not ready yet" usually appears when you just started or restarted Kibana. It can also be produced for one of the following reasons: - Your service or Kibana configuration has some error that causes it to constantly reboot. - Your elasticsearch service is not up or has some error. If you have just started the kibana service, please wait a few minutes and try again. If this is not the case, then you will have to check the status of the elasticsearch and kibana services. Kibana - Check the status service: systemctl status kibana -l - Check the kibana logs journalctl -u kibana Elasticsearch - Check the status service: systemctl status elasticsearch -l - Check the elasticsearch logs cat /var/log/elasticsearch/elasticsearch.log Also a frequent reason for services not starting correctly is the lack of resources allocated to the host (in this case to the virtual machine). As a minimum it is recommended to allocate 4096MB of RAM and 2 CPU cores. Please check this. If you need more personalized help with this topic, I recommend you to subscribe to our google groups forum (wazuh+subscribe@googlegroups.com), or join our slack channel ( wazuh.com/community/join-us-on-slack/), where we answer all the questions asked by users.

@Jonathan Martín Valera when I did systemctl restart wazuh-api I am getting unit is not found.What is that mean? Should I install any package or what should I do. Can you please tell me.

@Jonathan Martín Valera I installed 4.0 and I am running in VMWare Workstation 16. Restart means should I uninstall and install again?

Im getting the same error as well. 😔

@Jonathan Martín Valera Yes I did using service wazuh-manager status in that I saw apid is running,but when I use systemctl restart wazuh-api I got unit not found. I don't know why it is coming like that.

When the message Dashboard server is not ready yet" can be produced for one of the following reasons: - Your service or wazuh-dashboard configuration has some error that causes it to constantly reboot. - Your wazuh-indexer service is not up or has some error. - Host resources are insufficient. (I recommend that at least to host the wazuh-indexer and wazuh-dashboard service, you should dedicate at least >4 GB of RAM and 2 CPU cores). Try to check the status of the wazuh-indexer and wazuh-dashboard services an also check if the hardware resources are sufficient.

@@user-cc4zv9np6p yes the sys req was the issue.

@@8080VB could you fix it?

@@user-cc4zv9np6p yes i can . Thanks for sharing the info .

@Daniel Folch hi, i've tried with the latest version and directly to one of the esxi node, not the vcenter, in this way all works fine. Thanks, TOP !!