Hello,
I have installed wazuh docker multi-node following this guide https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html
and I have correctly configured the alert notifications via email. However, I have a problem. I would like to keep the alerts at level 12 but receive an alert when Clamav detects a virus. If I map in the worker and master containers the file /var/ossec/ruleset/rules/0320-clam_av_rules.xml with the modified level, the rule is no longer triggered and I see nothing even in the Security Event section of the agent. If instead I follow this guide: https://documentation.wazuh.com/current/user-manual/ruleset/rules/custom.html, the rule is triggered but it remains at level 8. From the GUI I can correctly see the modified rules (in the first case) or added (in the second). How can I solve this? Can anyone help me?
Thanks in advance.
Hello, I have installed wazuh docker multi-node following this guide https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html and I have correctly configured the alert notifications via email. However, I have a problem. I would like to keep the alerts at level 12 but receive an alert when Clamav detects a virus. If I map in the worker and master containers the file /var/ossec/ruleset/rules/0320-clam_av_rules.xml with the modified level, the rule is no longer triggered and I see nothing even in the Security Event section of the agent. If instead I follow this guide: https://documentation.wazuh.com/current/user-manual/ruleset/rules/custom.html, the rule is triggered but it remains at level 8. From the GUI I can correctly see the modified rules (in the first case) or added (in the second). How can I solve this? Can anyone help me? Thanks in advance.