User contributions for Sunilvarma
From Notes_Wiki
- 23:19, 1 August 2025 diff hist +6,453 N Forwarding Palo Alto Firewall Logs to Wazuh Manager Created page with " Home > Wazuh > Forwarding Palo Alto Firewall Logs to Wazuh Manager == Overview == This article explains how to configure a Palo Alto Firewall to send logs directly to the Wazuh Manager (acting as a syslog server), and how to parse them using custom decoders and rules in Wazuh. == Prerequisites == * Wazuh Manager installed * Palo Alto firewall reachable from Wazuh * UDP port (e.g., 5141) open on Wazuh * Syslog configuration enabled on firewall =..." current
- 23:18, 1 August 2025 diff hist +10 Wazuh current
- 23:17, 1 August 2025 diff hist +10 Forwarding Firewall Logs to Wazuh Manager current Tag: Visual edit: Switched
- 12:54, 30 July 2025 diff hist +6,443 N Forwarding Firewall Logs to Wazuh Manager Created page with " Home > Wazuh > Forwarding Firewall Logs to Wazuh Manager == Overview == This article explains how to configure a Palo Alto Firewall to send logs directly to the Wazuh Manager (acting as a syslog server), and how to parse them using custom decoders and rules in Wazuh. == Prerequisites == * Wazuh Manager installed * Palo Alto firewall reachable from Wazuh * UDP port (e.g., 5141) open on Wazuh * Syslog configuration enabled on firewall == Step 1:..."
- 11:50, 30 July 2025 diff hist +47 Wazuh
- 08:46, 14 July 2025 diff hist +5,205 N Re-indexing the archives.json file in Wazuh Created page with " Home > Wazuh > Re-indexing the archives.json file in Wazuh = What Is archive.json? = * <code>archive.json</code> contains the **original raw logs** collected from Wazuh agents or syslog. * These logs are stored **before any correlation, alerting, or rule evaluation** is applied. * This is different from <code>alerts.json.gz</code>, which only contains logs that matched Wazuh rules and triggered alerts. * The file is typically generated when JSON..." current
- 08:31, 14 July 2025 diff hist +49 Wazuh Tag: Visual edit: Switched
- 13:32, 8 July 2025 diff hist +4,563 N State Management Policy configuration in Wazuh for Retention Created page with " Home > Wazuh > State Management Policy configuration in Wazuh for Retention = Index Retention = Security standards require keeping data available for audits for a minimum period of time. For data older than this retention period, you might want to delete it to save storage space. You can define specific policies to handle deletions automatically. These policies can also be used for index rollovers. == Creating a Retention Policy == === Step 1..." current
- 13:32, 8 July 2025 diff hist 0 Wazuh
- 13:32, 8 July 2025 diff hist 0 State Management Policy configuration of Wazuh for Retention current
- 13:25, 8 July 2025 diff hist +2,658 Script to Pull Logs from Wazuh-Manager to Local VM current
- 13:18, 8 July 2025 diff hist +89 N Script to Pull Logs from Wazuh-Manager to Local VM Created page with " Home > Wazuh > Script to Pull Logs from Wazuh-Manager to Local VM"
- 13:18, 8 July 2025 diff hist +56 Wazuh
- 13:14, 8 July 2025 diff hist 0 Zabbix Script for Shards Monitoring current
- 13:10, 8 July 2025 diff hist +3,855 Zabbix Script for Shards Monitoring
- 12:54, 8 July 2025 diff hist +74 N Zabbix Script for Shards Monitoring Created page with " Home > Wazuh > Zabbix Script for Shards Monitoring"
- 12:53, 8 July 2025 diff hist −1 Wazuh
- 12:53, 8 July 2025 diff hist +42 Wazuh
- 12:51, 8 July 2025 diff hist +4,464 State Management Policy configuration of Wazuh for Retention
- 12:44, 8 July 2025 diff hist +99 N State Management Policy configuration of Wazuh for Retention Created page with " Home > Wazuh > State Management Policy configuration of Wazuh for Retention"
- 12:44, 8 July 2025 diff hist +66 Wazuh
- 10:43, 2 July 2025 diff hist +4,240 Deleting Shards Manually in Wazuh current
- 09:42, 2 July 2025 diff hist +72 N Deleting Shards Manually in Wazuh Created page with " Home > Wazuh > Deleting Shards Manually in Wazuh"
- 09:41, 2 July 2025 diff hist +39 Wazuh Tag: Visual edit: Switched
- 13:20, 6 June 2025 diff hist −2 Wazuh Custom Rule Creation →Example 3: Match srcip and hostname current
- 12:49, 6 June 2025 diff hist +62 Wazuh Custom Rule Creation →Triggered Rule
- 12:46, 6 June 2025 diff hist +1 Wazuh Custom Rule Creation →Sample Output
- 12:45, 6 June 2025 diff hist +39 Wazuh Custom Rule Creation →Sample Output
- 12:44, 6 June 2025 diff hist +3 Wazuh Custom Rule Creation →Example Log
- 12:38, 6 June 2025 diff hist +1,573 Wazuh Custom Rule Creation
- 11:49, 6 June 2025 diff hist +24 Wazuh Custom Rule Creation →Changing Existing Rules
- 10:31, 6 June 2025 diff hist +615 Wazuh Custom Rule Creation
- 10:10, 6 June 2025 diff hist +6 Wazuh Custom Rule Creation
- 10:09, 6 June 2025 diff hist +710 Wazuh Custom Rule Creation
- 09:33, 6 June 2025 diff hist +2,912 Wazuh Custom Rule Creation
- 16:26, 5 June 2025 diff hist +3,261 Wazuh Custom Rule Creation
- 10:43, 5 June 2025 diff hist −1 Wazuh Custom Rule Creation
- 10:42, 5 June 2025 diff hist 0 Wazuh Custom Rule Creation
- 10:40, 5 June 2025 diff hist +2,274 Wazuh Custom Rule Creation
- 10:34, 5 June 2025 diff hist +65 N Wazuh Custom Rule Creation Created page with " Home > Wazuh > Wazuh Custom Rule Creation"
- 10:33, 5 June 2025 diff hist +32 Wazuh
- 12:45, 21 May 2025 diff hist −2,023 JQuery Upgrade Blanked the page current Tag: Blanking
- 08:18, 21 May 2025 diff hist +1 Main Page
- 08:16, 21 May 2025 diff hist +2,053 N Hive jQuery Upgrade Created page with " Home > Wazuh > Hive > Hive jQuery Upgrade = jQuery Version Upgrade = We can check the jQuery version by accessing the following URI: <code>http://<THEHIVE_SERVER-IP>:9000/static/bootstrap/jquery.min.js</code> === Locate "jquery.min.js" in TheHive === By default, TheHive is installed in the directory <code>/opt/thehive/</code> and all files are packaged in <code>.jar</code> format. To find the <code>jquery.min.js</code> file within..." current
- 08:13, 21 May 2025 diff hist +69 N Hive Created page with " Home > Wazuh > Hive *Hive jQuery Upgrade" current
- 08:10, 21 May 2025 diff hist +11 Wazuh
- 08:04, 21 May 2025 diff hist +32 N Wazuh Created page with " Home > Wazuh"
- 08:04, 21 May 2025 diff hist −32 Main Page
- 08:04, 21 May 2025 diff hist +32 Main Page →Security Operations Center or Network Operations Center (SOC-NOC)
- 08:02, 21 May 2025 diff hist +49 Main Page
