Wazuh vulnerability scans #4875

Stephen-Ridgway · 2021-07-21T16:50:05Z

Stephen-Ridgway
Jul 21, 2021

Hi!

Has anyone got Wazuh vulnerability scans working?

SR

Answered by ThreeEyedRaven-99

Hi SR!

For Wazuh Vulnerability Scan you can follow these steps:

Download NVD Database in SO and extract the NVD database in a directory.
Bind the NVD directory in /opt/so/saltstack/default/salt/wazuh/init.sls (for example: if your NVD Database directory is in /root/Downloads/NVD/feeds, you can do like this in init.sls file: - /root/Downloads/NVD/feeds:/mnt/feeds
In wazuh config file add vulnerability-detector section and then you can mention the path of the NVD feeds:

yes /mnt/feeds/nvd-feed.*json.gz$ 1h

restart wazuh: so-wazuh-restart
Once vulnerability scan finishes you will see the data in alert section in the Kibana - or you can search for data.vulnerability in discover section

…

ThreeEyedRaven-99 · 2021-09-15T15:44:53Z

Hi SR!

For Wazuh Vulnerability Scan you can follow these steps:

Download NVD Database in SO and extract the NVD database in a directory.
Bind the NVD directory in /opt/so/saltstack/default/salt/wazuh/init.sls (for example: if your NVD Database directory is in /root/Downloads/NVD/feeds, you can do like this in init.sls file: - /root/Downloads/NVD/feeds:/mnt/feeds
In wazuh config file add vulnerability-detector section and then you can mention the path of the NVD feeds:

yes /mnt/feeds/nvd-feed.*json.gz$ 1h

restart wazuh: so-wazuh-restart
Once vulnerability scan finishes you will see the data in alert section in the Kibana - or you can search for data.vulnerability in discover section

Please excuse my poor English :)

0 replies