-
|Wazuh version| Component | Action type |
|---| --- | --- |
| 4.2 | Rule: 510 | False-Positive |
## Description
Wazuh rule 510 detects the /bin/diff of Ubuntu 22.04 as a trojaned version.
### S…
-
Hello,
I am using Ansible for installation of OSSEC HIDS for my Windows machine. I am getting an error during start time of the OSSEC HIDS service: "some other services is using.."
Here my ansible cod…
-
I've compiled ossec-hids-3.7.0 on macOS using pcre2 from Macports and also from: https://sourceforge.net/projects/pcre/
but I get this on startup:
```
2022/02/19 21:07:09 ossec-analysisd(1450)…
```
m4rkw updated
2 years ago
-
|Wazuh version|Component|Install type|Install method|Platform|
|---|---|---|---|---|
| 4.3.10 | FileBeat/ES/EvtChan decoder | Manager & Agent | Packages | all |
After assisting yet another Wazuh …
-
When activating the "Active Response", using the "firewall-drop", it does not receive the "srcip", registering in iptables only: "." instead of the IP; using "host-deny" works normally.
When using the …
-
Hi,
I've just tried your guide, but I'm unable to get any result.
I see some traffic (tcpdump) coming from ossec server to my graylog server, but nothing is stored in database. I get this log mes…
-
I have never seen a file deleted event triggered without realtime="yes".
This can be reproduced in 2 ways:
Reproduce sequence #1
have a simple agent-server setup with a simple syscheck config on agent:
``…
-
There are a couple broken links that I cannot find the right replacement link for (or I would have included them in #1974), but are broken. These include
- http://www.ossec.net/en/manual.html#iis i…
-
In PR#1161 - we can see that the function IPExist has been set back:
https://github.com/ossec/ossec-hids/pull/1161
But this function is never used and it's still possible to duplicate IPs using th…
-
Hi,
Since maltrail is a _great tool_ but doesn't have any 'proactive' feature, I try to peer it with various software like [fail2ban](https://github.com/fail2ban/fail2ban) or [ossec-hids](https://o…