Siem detection and alerting 1.2 guided exercise

I have been stuck for 3 days on this exercise. When I log in to Wazuh from Firefox and check the Security Events dashboard, I only see 5 alerts and not hundreds. When I search with the filter, nothing pops up. I'm kinda confused about what I am doing wrong so I can get on the right track. Any help? I can send screenshots if needed.

When you log into Wazuh, do you see there is 1 Active Agent?

Yes, but when I click Security Events only 5 are shown, and I'm kinda confused why I am not getting 500+. I'm also not able to use the filter; it causes an error.

This is what I saw. Am I doing something wrong? Do I need to adjust the date frame to see more events?

When I first log in I see 47 events, then after a bit I refresh and see:

When I apply the search query I see:

As long as you can find the RDP connections, I don't think it matters how many events you start with 🙂

Theory: when the labs were originally made, the Windows machine had a lot of logs on it. Recently the labs were ported to a new version of the lab manager, and the logs may have been cleaned as part of that process.
