yes yes no no no smtp.example.wazuh.com wazuh@example.wazuh.com recipient@example.wazuh.com 12 alerts.log 10m 0 3 12 plain secure 1514 tcp 131072 no yes yes yes yes yes yes yes 43200 etc/rootcheck/rootkit_files.txt etc/rootcheck/rootkit_trojans.txt yes yes 1800 1d yes wodles/java wodles/ciscat yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes no 1h yes yes yes yes yes yes yes 10 yes yes 12h yes no 5m 6h yes no trusty xenial bionic focal jammy 1h no buster bullseye bookworm 1h no 5 6 7 8 9 1h no amazon-linux amazon-linux-2 amazon-linux-2023 1h no 11-server 11-desktop 12-server 12-desktop 15-server 15-desktop 1h no 1h no 8 9 1h yes 1h yes 1h no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 100 yes 5m 1h 10 127.0.0.1 ^localhost.localdomain$ disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/decoders etc/rules yes 1 64 15m no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh node01 master aa093264ef885029653eea20dfcf51ae 1516 0.0.0.0 wazuh.manager no yes syslog /var/ossec/logs/active-responses.log custom-misp.py sysmon_event1,sysmon_event3,sysmon_event6,sysmon_event7,sysmon_event_15,sysmon_event_22,syscheck json custom-iris.py https://iriswebapp_nginx:8443/alerts/add 6 ossec,syslog,syscheck,authentication_failed,pam,pfsense,suricata,misp_alert APIKEY json