wazuh / wazuh-kubernetes

Wazuh - Wazuh Kubernetes
https://wazuh.com/
GNU General Public License v2.0

Alert is not getting generated for any of the CDB lists created #728

Closed kpreeti2588 closed 1 week ago

kpreeti2588 commented 2 weeks ago

I tried to implement blocking of malicious IPs following the document https://documentation.wazuh.com/current/proof-of-concept-guide/block-malicious-actor-ip-reputation.html and enabling threat intelligence following https://documentation.wazuh.com/current/user-manual/capabilities/malware-detection/cdb-lists-threat-intelligence.html, but the Wazuh server is not triggering alerts for the matched IPs or hashes in the CDB list. Although when I am testing the ruleset it is showing me that the rule will get triggered, the Wazuh dashboard is not displaying it. Is there any bug, or does any additional setup need to be done in the case of Wazuh deployed in K8s? Please help.

kpreeti2588 commented 1 week ago

The issue is with the Wazuh master configuration. The Wazuh master config is not getting propagated to the Wazuh workers, and that is the reason alerts are not getting generated, since the workers are not able to find the lists path in the Wazuh configuration.

kpreeti2588 commented 1 week ago

Closing this as the issue does not persist anymore.
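
A check for the mismatch described in the second comment, as an added example that is not part of the original thread or of the Wazuh project's code: it compares the `<list>` entries under `<ruleset>` in a master and a worker `ossec.conf` and reports the ones the worker lacks. Both configs are constructed samples with illustrative list names, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample configs (not from the issue); list names are illustrative.
MASTER_CONF = """
<ossec_config>
  <ruleset>
    <list>etc/lists/audit-keys</list>
    <list>etc/lists/blacklist-alienvault</list>
    <list>etc/lists/malware-hashes</list>
  </ruleset>
</ossec_config>
<ossec_config>
  <cluster><node_type>master</node_type></cluster>
</ossec_config>
"""
WORKER_CONF = """
<ossec_config>
  <ruleset>
    <!-- <list>etc/lists/malware-hashes</list> -->
    <list>etc/lists/audit-keys</list>
  </ruleset>
</ossec_config>
<ossec_config>
  <cluster><node_type>worker</node_type></cluster>
</ossec_config>
"""

def cdb_lists(conf_text):
    """Return the set of CDB list paths declared under <ruleset>."""
    # ossec.conf may contain several <ossec_config> roots, which is not
    # well-formed XML on its own, so wrap them in one synthetic root.
    body = re.sub(r"<\?xml.*?\?>", "", conf_text)
    root = ET.fromstring("<wrapper>" + body + "</wrapper>")
    # The parser drops XML comments, so commented-out lists are not counted.
    found = root.findall("./ossec_config/ruleset/list")
    return {el.text.strip() for el in found if el.text and el.text.strip()}

def missing_on_worker(master_text, worker_text):
    """List paths the master declares but the worker does not."""
    return sorted(cdb_lists(master_text) - cdb_lists(worker_text))

if __name__ == "__main__":
    for path in missing_on_worker(MASTER_CONF, WORKER_CONF):
        print("worker config lacks <list>%s</list>" % path)
```

Run it against the configuration each manager pod actually loaded rather than the files in the repository, since the thread's diagnosis is about what reached the workers.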