Web Activity Logs challenge exercise (soc analyst path)

I found the 3rd solution to the challenge exercise. Not by Wazuh, but by going into the logs and using ol’ fashioned grep until I came across an odd domain.

Looking back at this, I don’t feel like this exercise really guides people towards the answer. The domain in question is very vague, and barely appears in the logs. I know it’s meant as an exercise to find it for the students, but honestly… I can’t really see HOW you get there with the explanation you’re given.


What is the Pastebin URL (pastebin.com/somepath) that our compromised endpoint successfully connected to?
From the Guided Exercise
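The two hunts mentioned above (the poster's grep for an odd, rarely seen domain, and the guided exercise's question about which pastebin.com URL the endpoint *successfully* reached) can both be done systematically with a frequency count over the proxy log plus a status-code filter. The script below is an added example, not code from the post or from the course; the Squid-style access-log layout it parses is an assumption, and the log lines, client IPs, domains and the `pastebin.com/raw/EXAMPLE1` path are all constructed for the demonstration.

```python
"""Rare-domain hunt and successful-connection filter over web-proxy logs.

Added example (not part of the forum post or the course material). The log
layout assumed here is a Squid native access log:
    <epoch> <elapsed_ms> <client_ip> <result_code>/<http_status> <bytes> <method> <url> ...
Real exercise logs may differ; only parse_line() needs adjusting in that case.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: routine traffic, one domain that appears exactly once,
# and three pastebin.com requests of which only one returned HTTP 200.
SAMPLE_LOG = """\
1700000001.123    120 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1700000002.456     80 10.0.0.5 TCP_MISS/200 2048 GET http://cdn.example.com/app.js - HIER_DIRECT/93.184.216.34 application/javascript
1700000003.789     95 10.0.0.7 TCP_MISS/200 1024 GET http://www.example.com/about.html - HIER_DIRECT/93.184.216.34 text/html
1700000004.001    210 10.0.0.5 TCP_MISS/404 512 GET https://pastebin.com/raw/missing - HIER_DIRECT/104.20.0.1 text/html
1700000005.002    300 10.0.0.5 TCP_MISS/200 900 GET https://pastebin.com/raw/EXAMPLE1 - HIER_DIRECT/104.20.0.1 text/plain
1700000006.003    150 10.0.0.9 TCP_MISS/200 4096 GET http://cdn.example.com/style.css - HIER_DIRECT/93.184.216.34 text/css
1700000007.004     60 10.0.0.5 TCP_MISS/200 300 GET http://x7k2q.odd-updates.net/check - HIER_DIRECT/198.51.100.7 text/plain
1700000008.005     90 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/news.html - HIER_DIRECT/93.184.216.34 text/html
1700000009.006    100 10.0.0.5 TCP_MISS/503 0 GET https://pastebin.com/raw/EXAMPLE2 - HIER_DIRECT/104.20.0.1 text/html
"""


def parse_line(line):
    """Return (client_ip, http_status, host, url), or None for lines that do not parse."""
    fields = line.split()
    if len(fields) < 7:
        return None
    client_ip = fields[2]
    try:
        # "TCP_MISS/200" -> 200; the part after the slash is the HTTP status
        status = int(fields[3].split("/")[1])
    except (IndexError, ValueError):
        return None
    url = fields[6]
    host = urlsplit(url).hostname or ""
    return client_ip, status, host, url


def domain_counts(log_text):
    """How many requests went to each host, regardless of outcome."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[rec[2]] += 1
    return counts


def rare_domains(log_text, max_hits=1):
    """Hosts seen at most max_hits times: the long tail a grep-by-hand hunt stumbles on."""
    return sorted(host for host, n in domain_counts(log_text).items() if n <= max_hits)


def successful_hits(log_text, domain):
    """(client_ip, url) pairs under `domain` whose status was 2xx, i.e. a real connection,
    not a 404 or 503 that never delivered content."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[2] == domain and 200 <= rec[1] < 300:
            hits.append((rec[0], rec[3]))
    return hits


if __name__ == "__main__":
    print("Rarely seen domains:", rare_domains(SAMPLE_LOG))
    print("Successful pastebin.com requests:", successful_hits(SAMPLE_LOG, "pastebin.com"))
```

Run against a real access log by reading the file into `log_text`; raising `max_hits` widens the long tail when the capture is large. The status filter is the part that answers the "successfully connected" wording of the exercise question: a plain grep for `pastebin.com` returns every attempt, and only the 2xx line identifies the URL that actually served content.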