SIEM search expression GE 1.2

SmoggyFirefly0451 · March 13, 2025, 8:00pm

I can’t figure out how to get an active agent. Even after following the directions, I am stuck. Can anyone help?

SmoggyFirefly0451 · March 13, 2025, 8:03pm

SmoggyFirefly0451 · March 13, 2025, 8:03pm

JosephWhite · March 13, 2025, 8:05pm

The Wazuh server is not 127.0.0.1 You need the IP address of the Wazuh server, not the Windows server. You may access the Wazuh SIEM web interface from 127.0.0.1 when you are on the Wazuh server, but that is not its network ip address. Use “ip a” as instructed in the lab guide.

SmoggyFirefly0451 · March 13, 2025, 8:11pm

is the highlighted IP address the correct one? i do not know which one is the correct IP address

SmoggyFirefly0451 · March 13, 2025, 8:20pm

thank you. i found the right IP address.

JosephWhite · March 13, 2025, 9:27pm

It’s going to be the ens5 or eth0 address using 10.x.x.x. But you got it