I feel really dumb. Can’t figure out the rules file that needs to be changed. I figured out the rest…getting a little frustrated with myself, any hints out there by chance?
You’re NOT dumb. In the labs they show you how to find where the rules are and how to change them. This is a challenge, so it’s intentionally terse. The test is to see if you know how to set the date and time, how to search for an event, how to find where that event is logged, and how to change the log. The challenge also tests if you know how to hook the Windows agent up to the Wazuh server and then test. As a hint, I can tell you that someone made a local rule, and that is the rule you need to change.
This is not easy stuff. Give yourself permission to struggle and learn.
Thank you for your response. I think it’s the format they want the answer in that’s throwing me off! Kicking myself because I know all the other answers and understand the concepts, I’m just getting hung up on that fine detail lol! I love Cybrary, it’s so much fun, even when it’s challenging.
I got it all figured out now! Thank you again.