At the module “Execution in Windows” I keep disconnecting, getting the following message:
An error was detected with your lab connection: Aborted. See logs.

Hello, I have the same problem. My labs too.

Hey, same here in 4 of my labs. Really annoying as i can’t progress any further in my ‘learn’ section of my career path

I’m also having the same problem.

Hello,

I am having a similar issue. I am confused on the Windows Event Logs exercises…
I do not get how you connect the two systems?? Can someone help me with it please?

i have trouble with Lab challenging exce.. in windows execution and Guiding exer… in Spearphishing with link too

3. In Wazuh, what is the IP address of the host that generated the Powershell process??? however i write the answer

Hey there - could you please provide the following information?

Lab Name: Execution in Windows
Lesson:
Part / Step Number:
Description of issue:
Screenshot:

If you have a second issue with a different lab, please open a separate thread.

I am on the Challenge and it is saying that the agent ip address is wrong as well as the time stamp and there is only one ip address and only two timestamps. Not sure what is being asked?

Question #3 and Question #5

Without giving too much away, the expectation for Question 3-5 of the Challenge Exercise is that you return to the SIEM, clear any previous search queries, and update the time frame. At this point, you can run the appropriate queries (using the same patterns that you learned in the Guided Exercise) to first locate any new processes related to PowerShell. You should find three alerts, all with the same IP address. Next, search for new processes related to the Command Prompt. You should find some number of alerts. You can answer Questions 4 and 5 with that information.