Data Loss Prevention Lab

UnableWorm2461 · April 4, 2026, 3:22pm

Data Loss Prevention Lab Question 4

There seems to be a problem with this lab question as nothing shows up when searching for *PAN*

Nothing is given in the current data range which the lab does not even mention.

JosephWhite · April 4, 2026, 5:06pm

It can take a minute or so for PowerShell to find the PAN data on Windows. In the lab guide we state the following:

I just ran the lab and indeed, at first there are no results. Then after 60 seconds I do see a hit on PAN data.

If I wait longer the search script runs periodically and I get multiple hits:

UnableWorm2461 · April 4, 2026, 10:18pm

No change on my end. I waited well over 60 secs.

Also checked and verified code placing

And restarted both the Windows Wazuh and Ubuntu wazuh services.

UnableWorm2461 · April 4, 2026, 10:22pm

Windows conf file.

Windows stop and restart a bunch of times

UnableWorm2461 · April 5, 2026, 12:46am

Ok. I noticed that the Wazuh ossec.conf file needed to be complete with all of the code indexes. I originally just started on the last part as i restarted the lab and immediately started on Part 3. I’d be cool if some of these parts can be done separately.