It works very well; it is easy to install and to apply.
download here
I don't know what's the matter with people: they don't learn by understanding, they learn by some other way — by rote or something. Their knowledge is so fragile! (Feynman)
curl -sO https://packages.wazuh.com/4.8/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i -o
curl -k -u admin:XXXX "https://127.0.0.1:9200/_cat/indices?v"
curl -k -u admin:XXXX "https://127.0.0.1:9200/_cluster/allocation/explain?pretty"
curl -u admin:XXXX --cacert /etc/wazuh-indexer/certs/root-ca.pem https://localhost:9200
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
curl -u admin:XXXX --cacert /etc/wazuh-indexer/certs/root-ca.pem https://127.0.0.1:9200
vim /etc/hosts
/var/ossec/bin/manage_agents
Check whether the rules or the vulnerability database have been updated:
/var/ossec/bin/wazuh-control restart
/var/ossec/bin/wazuh-modulesd -f
response=$(curl -s -X GET https://cti.wazuh.com/api/v1/catalog/contexts/vd_1.0.0/consumers/vd_4.8.0)
echo "$response" | jq -r '.data.last_snapshot_link'
echo "$response" | jq -r '.data.last_snapshot_at'
See here for the correct procedure:
https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/offline-update.html
List indices:
curl -u <username>:<password> -XGET "https://10.134.11.6:9200/_cat/indices?v" -k
Delete indices:
curl -u <username>:<password> -XDELETE https://10.134.11.6:9200/wazuh-alerts-4.x-2023* -k
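A wildcard like wazuh-alerts-4.x-2023* deletes a whole year at once, so it helps to see exactly which indices a retention cutoff would remove before running any -XDELETE. The following is an added example (not part of these notes): it reads _cat/indices?v output, keeps only wazuh-alerts-4.x-YYYY.MM.DD indices dated before a cutoff, and prints the delete commands as a dry run without executing them. The sample index listing and the function names are constructed for this example; the indexer address is the one used above.

```shell
#!/bin/sh
# Added example: dry-run retention check for wazuh-alerts indices.
# Nothing here deletes anything; it only prints what a deletion would touch.

# Constructed sample of what `curl -u user:pass "https://<indexer>:9200/_cat/indices?v" -k` returns.
SAMPLE_INDICES='health status index                       uuid                   pri rep docs.count docs.deleted store.size pri.store.size
green  open   wazuh-alerts-4.x-2023.12.30 aaaaaaaaaaaaaaaaaaaaaa   3   0     120345            0     55.3mb         55.3mb
green  open   wazuh-alerts-4.x-2024.01.15 bbbbbbbbbbbbbbbbbbbbbb   3   0      90120            0     41.0mb         41.0mb
green  open   wazuh-alerts-4.x-2024.02.01 cccccccccccccccccccccc   3   0       4012            0      2.1mb          2.1mb
green  open   wazuh-monitoring-2024.01w   dddddddddddddddddddddd   1   0        300            0    200.4kb        200.4kb
green  open   .opendistro_security        eeeeeeeeeeeeeeeeeeeeee   1   0         10            0     60.2kb         60.2kb'

# select_old_alert_indices CUTOFF   (CUTOFF is YYYY.MM.DD; _cat/indices output on stdin)
# Prints the names of wazuh-alerts-4.x-YYYY.MM.DD indices whose date sorts before CUTOFF.
# YYYY.MM.DD compares correctly as a plain string, so no date arithmetic is needed.
# Monitoring and security indices never match the pattern and are left alone.
select_old_alert_indices() {
    awk -v cutoff="$1" '
        NR > 1 && $3 ~ /^wazuh-alerts-4\.x-[0-9][0-9][0-9][0-9]\.[0-9][0-9]\.[0-9][0-9]$/ {
            d = substr($3, length($3) - 9)   # trailing YYYY.MM.DD
            if (d < cutoff) print $3
        }'
}

# print_delete_commands CUTOFF INDEXER_URL
# Emits one explicit curl -XDELETE line per old index instead of a wildcard, so the
# operator can review the list (or pipe it to sh) only after checking it.
print_delete_commands() {
    select_old_alert_indices "$1" | while read -r idx; do
        printf 'curl -u <username>:<password> -XDELETE "%s/%s" -k\n' "$2" "$idx"
    done
}

# Usage with the constructed sample; replace the sample with real _cat/indices output:
printf '%s\n' "$SAMPLE_INDICES" | print_delete_commands 2024.01.01 https://10.134.11.6:9200
```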
The alert log files to delete are listed here: ls /var/ossec/logs/alerts/