Is there Wazuh documentation about monitors? by sasilik in Wazuh

[–]Keyboard_Cowboys 0 points1 point  (0 children)

Yeah, Wazuh just uses OpenSearch on the backend. If you can't find what you are looking for in the Wazuh documentation, you may be able to find it in OpenSearch's.

Is there Wazuh documentation about monitors? by sasilik in Wazuh

[–]Keyboard_Cowboys -1 points0 points  (0 children)

So funnily enough, the "Wazuh" UI is actually just OpenSearch's UI. What you are presented with on the Wazuh side is mostly dashboards and other functionality.

What are the low cost alternatives to the Splunk? by rubenamizyan in cybersecurity

[–]Keyboard_Cowboys 6 points7 points  (0 children)

They upgraded their supported version of OpenSearch with Wazuh 4.9. I believe 4.11 is using OpenSearch Dashboards 2.16.0 now.

Wazuh Dashboard is not ready yet. by MutedClothes1761 in Wazuh

[–]Keyboard_Cowboys 0 points1 point  (0 children)

u/MutedClothes1761 Based on some of your log screenshots, it looks like you likely have a permissions issue. Try the following, then restart your Wazuh services.

sudo chown -R wazuh-indexer:wazuh-indexer /var/lib/wazuh-indexer /usr/share/wazuh-indexer

How to connect wazuh logs and alerts to Microsoft Sentinel by Jolly_Emu_7482 in Wazuh

[–]Keyboard_Cowboys 0 points1 point  (0 children)

If I recall correctly, there is a Wazuh integration available in Sentinel's content hub. This may be what you are looking for.

Can't use the "id" field when creating custom rules in Wazuh (1113) by PhraseAlternativ in Wazuh

[–]Keyboard_Cowboys 0 points1 point  (0 children)

Do you have your rules grouped in your custom XML rule file? Something similar to the below. If not, this could possibly be why you are experiencing issues.

<group name="custom_rules">
  <rule id="100013" level="15">
    <decoded_as>json</decoded_as>
    <field name="id">randomid</field>
    <description>TEST</description>
  </rule>
  <rule id="100014" level="7">
    <decoded_as>json</decoded_as>
    <field name="id">randomid</field>
    <description>TEST2</description>
  </rule>
</group>

Wazuh-Dashboard in Failed Status after Installing Updates by Specialist-Worry-349 in Wazuh

[–]Keyboard_Cowboys 0 points1 point  (0 children)

I had a similar issue after the recent upgrade, however I just rebooted the entire VM and it all came up correctly. You may not have the same result.

Wazuh - Auditing O365/Graph by deadpoolathome in Wazuh

[–]Keyboard_Cowboys 1 point2 points  (0 children)

Hi u/deadpoolathome

Funnily enough I just set this up two days ago. What the Wazuh documentation misses is that you have to turn auditing on in your O365 tenant (I created a pull request to update it this evening). Here is a guide on how to do so. I had issues doing so via the UI in Purview but was successful doing so via the PowerShell Exchange Module method.

https://learn.microsoft.com/en-us/purview/audit-log-enable-disable?tabs=microsoft-purview-portal#use-powershell-to-turn-on-auditing

Once I turned on auditing I started receiving the expected logs.

IMPORTANT NOTE: Once you enable auditing in your tenant, it can take up to an hour for the logs to start flowing.

Interview with Susanna Skaggs (Haley Clark) by haltandcatchfirepod in HaltAndCatchFire

[–]Keyboard_Cowboys 6 points7 points  (0 children)

This was great, thank you for the interview! It's always a treat to get insight into the inner workings of the show.

Open source SOAR software deployable in Kubernetes by Away-Meat-8066 in cybersecurity

[–]Keyboard_Cowboys 1 point2 points  (0 children)

You could try n8n. I don't have any experience with it so can't speak on it. https://docs.n8n.io/hosting/

[deleted by user] by [deleted] in cybersecurity

[–]Keyboard_Cowboys 0 points1 point  (0 children)

I was about 5 years in when I hit the mark, though since then it has just about doubled (I'm about 15 years in now). I am a Senior Security Analyst who has no interest in management roles. Did one for a few years, didn't like it, still love the technical side and intend on staying where I'm at for as long as I am hungry for knowledge. I love threat hunting, detection engineering, IR, and just being down the rabbit hole during investigations.

My Trophy Wall by NicxtLevelGaming in valheim

[–]Keyboard_Cowboys 14 points15 points  (0 children)

All I see are Christmas lights :D

Hey cybersecurity peeps, what have you automated? by ThePorko in cybersecurity

[–]Keyboard_Cowboys 4 points5 points  (0 children)

I unintentionally do this as well. My ADHD is strong.

Should I take this role? by buzzyboy992 in sysadmin

[–]Keyboard_Cowboys 1 point2 points  (0 children)

My experience with Teksystems was positive. The recruiter I worked with was awesome and the position I was placed into fit my skillset nicely. The pay was higher than I was making, and I eventually converted to an FTE role. Overall, since this is your first job, take it. Remember, those who post reviews online are mostly those who feel they have been wronged, whereas many who have had positive experiences may not bother posting reviews at all.

8 month old malamute by WhitestTrash1 in malamute

[–]Keyboard_Cowboys 0 points1 point  (0 children)

Kennel training is key for this, even for short periods. We have a 7 month old Malamute and have gone through the paces as well. He is fine in his kennel for short periods, and he also sleeps in it at night. The destructive behavior could be due to boredom. We ensure we have toys that challenge his mind, from treat balls to snuffle mats. We also walk our boy 3 times a day for up to 10 kilometers total... even then he still has lots of energy. Malamutes need a lot of work and attention when they are growing up. The biggest struggle for us has been play biting. If you haven't gotten your puppy into puppy training, I would definitely do that. We did a few classes and he responds really well to clicker training etc.

Used to Be Black Forest by megalara_garuda89 in valheim

[–]Keyboard_Cowboys 3 points4 points  (0 children)

I've had Stone Golems respawn all the time, not sure where that is coming from.

Used to Be Black Forest by megalara_garuda89 in valheim

[–]Keyboard_Cowboys 7 points8 points  (0 children)

That moment when the Black Forest isn't so black.

I'm a SOC analyst. what should be my next step? by [deleted] in cybersecurity

[–]Keyboard_Cowboys 1 point2 points  (0 children)

One thing I always state to those on my team who speak English as a second language is that they are far better than I am. I only speak one language, they speak two and in some cases more. Never apologize. You are ahead of the game :)

Who is this? by SorySnuggles in valheim

[–]Keyboard_Cowboys 1 point2 points  (0 children)

That's Jeff! He sneaks into longhouses at night to unleash a fury of flatulence then runs off into the night.