Closed SeyiSoneye closed 1 week ago
@SeyiSoneye After installing the vulnerable package, do you wait for syscollector to run again on the agent or restart it so that scan on start runs?
Could you give us the ossec.log?
@Dwordcito I restarted the agent so that scan on start runs.
ossec.log files: ossec-05.log ossec-06.log ossec-03.log
This is an expected behavior, if you restart the agent, we don't generate alerts by design.
Try again without restarting the agent (decrease the syscollector scheduler), and if the issue appears re-open the issue.
Description
It has been detected in https://github.com/wazuh/wazuh/issues/23244 that Vulnerability Detection is not generating alerts for Ubuntu packages.
Steps to reproduce
Inventory
Events
After installing the known vulnerable application on the endpoint, the vulnerability was included in the inventory but no alert was generated.
Inventory
Vulnerabilities added in Inventory. However no events generated.
Alerts