Automate Wazuh-Agent Install with Ansible! - Linux - Let's Deploy a Host Intrusion Detection System

  • Published 27 Oct 2024

COMMENTS • 14

  • @nithinjose98 2 years ago +1

    How to deploy agents with internal IP remotely by using Ansible... can you please explain?

  • @ruienyou8909 5 months ago

    If I already installed Wazuh, can I add on by installing Ansible on top?

  • @marciolima174 3 years ago

    Your videos are excellent.

  • @marciolima174 3 years ago

    In the vulnerability guide displayed on Wazuh, I updated everything that was identified. Does Wazuh identify that everything has been updated and no longer show it on the panel?

    • @taylorwalton_socfortress 3 years ago +1

      Hey Marcio, the vulnerability scan is run via the syscollector wodle. By default it runs every hour, but you can change the interval time if you want:
      no
      1h
      yes
      yes
      documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/running_vu_scan.html
      If you resolved the vulnerability, then the next time the syscollector runs it should detect your fix and not report that vulnerability anymore.

    • @marciolima174 3 years ago

      @taylorwalton_socfortress Perfect, thanks

  • @marciolima174 3 years ago

    Hello, when my notebook gets a different IP, the ID that was registered on the Wazuh agent changes to a new one and disconnects the old one. How do I make it not change if the IP changes?

    • @taylorwalton_socfortress 3 years ago +1

      Hey Marcio, check out the use_source_ip and force_insert settings here: documentation.wazuh.com/current/user-manual/reference/ossec-conf/auth.html#use-source-ip
      These changes are made within the "<auth>" section of the Wazuh Manager's ossec.conf. I advise setting use_source_ip and force_insert both to a "no" value.
      Let me know if that helps!
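
A small audit of the two `<auth>` settings named in the reply above, plus the syscollector interval from the earlier reply, as an added example that is not part of the video or of anyone's comment. The sample ossec.conf is constructed, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a manager ossec.conf (not taken from the page).
SAMPLE_OSSEC_CONF = """\
<ossec_config>
  <!-- enrollment service -->
  <auth>
    <disabled>no</disabled>
    <use_source_ip>yes</use_source_ip>
    <force_insert>yes</force_insert>
  </auth>
</ossec_config>
<ossec_config>
  <wodle name="syscollector">
    <disabled>no</disabled>
    <interval>1h</interval>
  </wodle>
</ossec_config>
"""

# Values advised in the reply above.
ADVISED_AUTH = {"use_source_ip": "no", "force_insert": "no"}

def _parse(conf_text):
    # ossec.conf may hold several <ossec_config> roots, which a strict XML
    # parser rejects; strip comments and wrap everything in one synthetic root.
    body = re.sub(r"<!--.*?-->", "", conf_text, flags=re.S)
    return ET.fromstring("<root>" + body + "</root>")

def audit_auth(conf_text, advised=ADVISED_AUTH):
    """Return {setting: (current, advised)} for <auth> settings that differ.
    current is None when the setting is not written in the file."""
    current = {}
    for auth in _parse(conf_text).iter("auth"):
        for name in advised:
            value = auth.findtext(name)
            if value is not None:
                current[name] = value.strip().lower()  # assumption: last one seen wins
    return {name: (current.get(name), want)
            for name, want in advised.items() if current.get(name) != want}

def syscollector_interval(conf_text):
    """Return the syscollector <interval> text, or None if it is not set."""
    for wodle in _parse(conf_text).iter("wodle"):
        if wodle.get("name") == "syscollector":
            return wodle.findtext("interval")
    return None

if __name__ == "__main__":
    print(audit_auth(SAMPLE_OSSEC_CONF))
    print(syscollector_interval(SAMPLE_OSSEC_CONF))
```

An empty result from `audit_auth` means both settings are written in the file with the advised value; a `None` current value means the setting is absent and the manager's default applies.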

    • @marciolima174 3 years ago

      @taylorwalton_socfortress Thanks

  • @eduardfrolov5580 3 years ago

    Can you record a video about how to automatically install Wazuh agents on Windows, for example via AD or SCCM?

    • @taylorwalton_socfortress 3 years ago

      Hey Eduard, sure, I will look to add a video where we will create a GPO policy to install agents.

  • @marciolima174 3 years ago

    Can you perform the integration with IDS Snort or another?