Not able to finish SIEM Detection and Alerting lab

Not able to finish the lab. I’m configuring the /var/ossec/etc/rules/local_rules.xml as shown in the instructions of the lab, but the alert does not show up in Wazuh. I’m also restarting the wazuh-manager.service and reconnecting in Remmina.

Configuration of the rule in the /var/ossec/etc/rules/local_rules.xml:

Were you able to figure it out? I’m stuck on that lab

One thing to be sure of is that the Windows agent can reach the Wazuh server. You have to find the IPs for your lab and be sure the Wazuh service is stopped and started on the Windows client. When you log into Wazuh for the first time you need to see an active agent.

Hi Joseph, thanks for the reply,

Yes, the agent appears in Wazuh as an active agent. The lab goes well through all the steps before the custom rule is configured, but the rule of level 12 doesn’t appear in Wazuh.