yes yes yes yes no smtp.example.wazuh.com wazuh@example.wazuh.com recipient@example.wazuh.com 12 alerts.log 10m 0 3 12 plain secure 1514 tcp 131072 no yes yes yes yes yes yes yes 43200 etc/rootcheck/rootkit_files.txt etc/rootcheck/rootkit_trojans.txt yes yes 1800 1d yes wodles/java wodles/ciscat virustotal a86c45d8817f421ebaf1721e5a3794f966e4afbfc04b4e5d35b250fb9fd50670 syscheck json yes yes /var/log/osquery/osqueryd.results.log /etc/osquery/osquery.conf yes no 1h yes yes yes yes yes yes yes 10 yes yes 60m yes https://wazuh1.indexer:9200 https://wazuh2.indexer:9200 https://wazuh3.indexer:9200 /etc/ssl/root-ca.pem /etc/ssl/filebeat.pem /etc/ssl/filebeat.key yes yes 12h yes yes 5m 6h yes yes trusty xenial bionic focal jammy 1h yes buster bullseye bookworm 1h yes 5 6 7 8 9 1h no amazon-linux amazon-linux-2 amazon-linux-2023 1h no 11-server 11-desktop 12-server 12-desktop 15-server 15-desktop 1h no 1h yes 1h no 8 9 1h yes 1h no 43200 yes yes no /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot /etc/mtab /etc/hosts.deny /etc/mail/statistics /etc/random-seed /etc/random.seed /etc/adjtime /etc/httpd/logs /etc/utmpx /etc/wtmpx /etc/cups/certs /etc/dumpdates /etc/svc/volatile .log$|.swp$ /etc/ssl/private.key yes yes yes yes 10 100 yes 5m 1h 10 127.0.0.1 ^localhost.localdomain$ disable-account disable-account yes restart-wazuh restart-wazuh firewall-drop firewall-drop yes host-deny host-deny yes route-null route-null yes win_route-null route-null.exe yes netsh netsh.exe yes command df -P 360 full_command netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d netstat listening ports 360 full_command last -n 20 360 ruleset/decoders ruleset/rules 0215-policy_rules.xml etc/lists/audit-keys etc/lists/amazon/aws-eventnames etc/lists/security-eventchannel etc/decoders etc/rules yes 1 64 15m no 1515 no yes no HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH no etc/sslmanager.cert etc/sslmanager.key no wazuh worker01 worker c98b6ha9b6169zc5f67rae55ae4z5647 1516 0.0.0.0 wazuh.master no no syslog /var/ossec/logs/active-responses.log syslog /var/log/dpkg.log