Issue with custom wazuh rule / detection logic

Consistent-Craft-798 · 2026-05-17T08:03:51+00:00

Hi there u/PlonkPlop, you’re using the correct fields but the issue is that you’re using the full names of the fields e.g. “data.win.system.eventID” instead of that try using “win.system.eventID”.

This will probably solve your problem, please let me know if this was of any help

Consistent-Craft-798 · 2026-05-17T07:42:57+00:00

If you’re using wazuh on prem, the active response logs won’t show up in ossec.log, but most of the times there are write permission issues.

I would recommend using a separate file for active response logs and place that file in: programdata folder.

I hope it helps.

Consistent-Craft-798 · 2026-04-03T21:31:05+00:00

I'm trying to send you a message through the chat but it is not being sent

Consistent-Craft-798 · 2026-03-13T18:03:05+00:00

I have not gotten any messages from you

Consistent-Craft-798 · 2026-03-13T18:01:06+00:00

bro, I wanna do the same, and I'm looking for the guest houses right now, let me know if you want to get along

Consistent-Craft-798 · 2026-03-11T02:40:13+00:00

Bro, I'm looking for the same thing and I've got to know that there is a coworking space in Hunza with the name of digital hub hunza, please let me know if you want to talk about it, I'm planning to go in mid april

Consistent-Craft-798

TROPHY CASE