15m 0 yes plain secure 1514 tcp 131072 no yes yes yes yes yes 43200 yes /var/lib/containerd /var/lib/docker/overlay2 no 1h yes yes yes yes yes yes yes yes yes yes yes yes 5m 10 yes yes 12h yes 5m 10 yes yes 60m yes https://wazuh1.indexer:9200 https://wazuh2.indexer:9200 https://wazuh3.indexer:9200 /etc/ssl/root-ca.pem /etc/ssl/filebeat.pem /etc/ssl/filebeat.key no 43200 yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 50 yes 5m 10 127.0.0.1 ^localhost.localdomain$ disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/lists/malicious-ioc/malicious-ip etc/lists/malicious-ioc/malicious-domains etc/lists/malicious-ioc/malware-hashes etc/decoders etc/rules no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh manager master c98b6ha9b6169zc5f67rae55ae4z5647 1516 0.0.0.0 wazuh.master no no journald journald audit /var/log/audit/audit.log syslog /var/ossec/logs/active-responses.log