EDR Basics 1.2 Guided Exercise MITRE TECHNIQUE

I’m not sure if I’m doing something wrong, but when I’m checking the next question, “4. What additional MITRE technique does Wazuh associate with the UAC bypass attack?”, after completing all the steps, the techniques I typed aren’t working. I would like to know if there is an error with the platform. I have tried entering the other techniques requested in the questions. I’ve checked and double-checked, but it’s not working.

I attached an image.

This is what I see when I run the lab step by step…

That’s weird, ’cause I did the same steps as you, double-checking, and my results are above, totally different.

Hi, did you resolve this issue? I am having the same problem as you did.

I am having the same issue. Can’t get T1548.002 to show.

Hey there - I just tested the lab, and it performed as expected. Could you please provide a screenshot of what you’re seeing?

As far as troubleshooting goes, I would double-check your Atomic commands and confirm you’ve refreshed the browser (from the browser toolbar).

I started a fresh lab and was able to get it to work. Thank you.

My attack isn’t popping up in Wazuh. My PowerShell says that it has run the test and everything was successful, but when I refresh Wazuh, my attack doesn’t show. I re-entered the attack over ten times, restarted Firefox and started from scratch twice.

Hey there - to confirm, are you seeing other alerts in Wazuh, and it’s just the 115005 alert that isn’t appearing? Or are you not seeing anything at all? Could you provide a screenshot?

I just tested the lab and the alert popped after my second atomics test.

Be sure you are seeing 1 Active agent in Wazuh before continuing.

If you see 0 Active agents, go back and troubleshoot the prior steps where you connect the Client to Wazuh (hosts file and ping).

I can’t get rule ID 115005 to show. I ran the attack 6 times.
Other alerts are showing except for the 115005. I already restarted a fresh new lab and am still running into the same thing.

I just tested the lab, but was able to generate the alert on the first attempt. Could you please re-post your screenshot? It doesn’t seem to have saved.

Specifically, please include a screenshot showing your full command history for the attack simulation. Additionally, please be sure that you’ve refreshed the Wazuh page.
