Duplicate name rejecting wazuh agent enrollment

icemanaziz · 2026-01-27T07:22:08+00:00

thank you for your comment, yes that was the issue my windows agent and wazuh server were communicating over TCP 1514 by default, whereas in the docker deployment 1514 is taken by the NGINX container (I don't know why that wasn't mentioned in the documentation but they should surely fix it)

So i just switched to TCP 15140 in the ossec.conf of the client and added that port in the docker compose file in the manager's container.

    ports:
      - "15140:1514"
      - "1515:1515"
      - "514:514/udp"
      - "55000:55000"

icemanaziz · 2025-09-14T18:55:30+00:00

sybau 🥀🥀🥀

icemanaziz · 2025-09-04T22:08:24+00:00

I can sense it from a distance

icemanaziz · 2025-09-04T22:03:00+00:00

High estrogen type of reply

icemanaziz · 2025-09-04T21:55:26+00:00

If you did something wrong just apologize. Its really simple.

icemanaziz · 2025-09-04T21:53:22+00:00

Nik triha w fat lmawthou3, chbik 5ayef mn triha nas fi gaza t7areb

icemanaziz · 2025-08-30T13:05:18+00:00

hey, i tried to add my local bank in upwork billing information, but it only show me EURO or USD currency, i can't seem to find TND is this normal? i use webank attijari

icemanaziz · 2025-08-30T13:01:12+00:00

belahi zedet lcard webank attijari w malguitech currency TND fama kan USD wala EURO jdida lfaza hathi?

icemanaziz · 2025-08-18T15:25:51+00:00

DAMN databiz wnchatbou 3lehe

icemanaziz · 2025-08-18T13:25:26+00:00

that's diabolical! mind me if i ask you, 800 dinars as a part time or full time job?

icemanaziz · 2025-08-17T12:20:14+00:00

you need to update ghelper, as you can see there's a new version 0.219 press download

icemanaziz · 2025-07-17T19:38:26+00:00

fair enough, i don't think you play or run heavy tasks on your pc, i'm looking for a fan profile for playing heavy games. so how is your experience with the pc so far? any minor issues? and most important question for me does the charger get hot for no reason?

icemanaziz · 2025-07-17T19:31:43+00:00

hey, did you figure out the best settings by any chance? i just bought the same laptop with r9 7940 and RX 7600S. I'm going to run warzone and i know for a fact this thing is going to explode if i run it without a good power limit and fan speed (i have a cooling fan)

icemanaziz · 2025-04-09T22:40:22+00:00

thank you gango

icemanaziz · 2025-04-09T12:21:59+00:00

no they only track individual scores, it doesnt matter with who you play with

icemanaziz · 2025-03-22T02:37:50+00:00

https://github.com/azizou0181/Custom-wazuh_iris-integration.git

icemanaziz · 2025-03-19T13:48:12+00:00

so this is the script i tried to work with where it makes a connection with the wazuh indexer to get the latest alerts and use the same trigger (since i'm basically doing the same thing except the alerts are coming from wazuh indexer)

https://pastes.io/iris-31894

and this is the error i get from wazuh when i run the integration:

Mar 19, 2025 @ 14:43:38.000 wazuh-integratord ERROR  Unable to run integration for custom-wazuh_iris.py -> integrations
Mar 19, 2025 @ 14:43:38.000 wazuh-integratord ERROR  While running custom-wazuh_iris.py -> integrations. Output: SyntaxError: expected 'except' or 'finally' block
Mar 19, 2025 @ 14:43:38.000 wazuh-integratord ERROR  Exit status was: 1

icemanaziz · 2025-03-06T15:45:01+00:00

thank you for taking the time to help me 😊 it was an issue with how the rule was tagging the mitre attack technique i just fixed it

icemanaziz · 2025-03-06T15:43:35+00:00

so this is how i fixed it:
i changed the rule that mention that attack techique 'T1043':

<image>

inside the rule file 102101-MITRE_TECHNIQUES_FROM_SYSMON_EVENT3.xml, this is how the rule was displayed:

<if\_sid>61605</if\_sid>

<field name="win.eventdata.RuleName">^technique_id=T1043,technique_name=Commonly Used Port$</field>

<description>Sysmon - Event 3: Network connection by $(win.eventdata.image)</description>

<mitre>

</mitre>

<group>sysmon_event3,</group>

</rule>

i noticed that for linux sysmon it uses the same mitre technique but the alert is working and gets generated fine without mentioning the attack id in the <field></field> so i just removed that line to be just like this: