Hey man, I got OpenCTI with the AlienVault connector working, thank you very much for that. But I am unable to get any feed into my OpenCTI platform. I want to retrieve not just the new pulses but also some old ones; my AlienVault connector shows nil operations and nil in progress. Thank you in advance.
Good day, friends. I have a question: is this Wazuh server compatible with Graylog server? Which version should I try to install, and which settings/tutorial should I use if I try to start a SIEM? Thank you.
Where did the Home Page and Modules go? I have 2 installs of the 4.8 Amazon Linux OVA installed on different VMware boxes. One has the small house icon and full Wazuh with a blue dot. It has a home page and access to the modules. The other only has the letter W with a blue dot and no access to the home page or modules. Both were installed as the Thick version. Where is module access now?
Please make an updated video integrating this new version with CoPilot. I am having issues with the integration because of the different settings. Thanks again, you are an inspiration.
Please help, I am getting a "Temporary failure in name resolution" error in my CoPilot when connecting. Also, are we able to generate reports from DFIR-IRIS data, like the count of closed cases for the month, or the count of open cases, alerts, etc.?
Hi, I started to create my homelab environment using your SIEM playlist. I have learned a lot and your content is really helpful. I just started to configure CoPilot in my environment. It works super great with DFIR-IRIS. Thank you for this. Can you also please do an update for Wazuh 4.8.0? It has different settings under the user config and I am getting an error whenever I try to connect them.
Hi, I have been using OpenSearch in our AWS environment; however, I am unable to do log rollover to warm and cold storage for cost savings, while our OpenSearch keeps breaking due to running out of space in hot storage. I have applied ISM to the indices but it fails. I am using a Lambda function to load logs. Is there anything I should do in our Lambda function to make it work? Also, I am considering moving away from OpenSearch to Wazuh. What's your feedback on that? Thank you.
Help me, I had problems when installing the Worldmap Panel. I am using Grafana v11. In the Grafana plugins the Worldmap Panel option didn't appear, so I finally installed it using the CLI. I have followed these steps, but when searching for the Worldmap Panel I couldn't find it. Is there a problem with the Grafana version?
I was able to create a connection to the indexer (I had to change the IP from 127.0.0.1 to 0.0.0.0 in the indexer config) but I'm unable to for the manager... (Wazuh 4.8) (quick install)
Hey Taylor, I'm not against SS (I actually like it a lot), but have you considered Prowler? I once tried to update the Prowler Wazuh wodle and it "kind of" worked, but it didn't get anywhere. However, its JSON output is pretty easy to work with.
Hi Taylor, wonderful job creating this tool. I was wondering if this can integrate with the cloud version of Wazuh; if yes, do we need to follow the same steps as you explained in your other video? Also, would you be able to do a video on integrating Malwarebytes cloud EDR with CoPilot?
When I go to export a case from Hive to MISP it shows an error. Can you please give me a solution? I tried so many times to solve it but I couldn't fix it.
While retrieving data for this widget, the following error(s) occurred: Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section]. Why am I getting this error?
For some reason, I've been unable to actually start using MISP after deployment, because the documentation and training I've seen so far are just not usable for beginners. Is there any other training that can be leveraged?
Hi guys, I have "There are no results for selected time range. Try another one." in MITRE and Compliance. How can I fix it? I installed everything from the tutorial, the SOCFortress way.
I have imported the root-ca.pem into Graylog but I still get:
2024-06-05T22:29:19.666+02:00 INFO [VersionProbe] OpenSearch/Elasticsearch is not available.
2024-06-05T22:29:24.683+02:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: unexpected end of stream on ingest.soc.local:9200/... - not found: limit=0 content=…
Not sure what I can do. I have followed the video to the core, I have repeated the install and config a couple of times, but I do not know what I am doing wrong.
Please, can you make a video on incident response in Shuffle through a Cortex responder? Maybe as the completion of this particular automation. Thank you.
Hi Taylor, I tried installing CoPilot but the backend application is not coming up; it keeps failing with the following error message:
sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, "Access denied for user 'root'@'172.23.0.4' (using password: YES)")
Congrats on all your work, Taylor! I'm having a problem [Failed to send POST request to /api/system/indices/index_sets with error: Index prefix "wazuh-testes" would conflict with existing index set prefix "wazuh-teste"] when trying to create the provision. Could you help me? I thought of deleting the existing index set, but I can't find it.
. - unable to find valid certification path to requested target.
2024-05-30T00:33:37.262-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #344
2024-05-30T00:33:42.278-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target.
2024-05-30T00:33:42.279-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #345
2024-05-30T00:33:47.301-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target.
2024-05-30T00:33:47.301-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #346
2024-05-30T00:33:52.330-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target.
2024-05-30T00:33:52.330-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #347
2024-05-30T00:33:57.353-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target.
2024-05-30T00:33:57.354-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #348