intrusion-detection
Here are 151 public repositories matching this topic...
Eg: norestored.
And until then, change the man page to say that it is incomplete, and to look in examples and the changelog. Are there configuration settings that are only documented in code?
Topic :) Currently using a Chrome plugin, but it would be nice to have it built in... just a user-specified page refresh. Thank you!
Hello. We currently run 2.9.4 and run into the 1000 dead agents issue and would like to upgrade to the latest version to take advantage of the -F switch to "Remove agents with duplicated IP if disconnected since seconds." (wazuh/wazuh#125)
- How would it be possible to upgrade with zero downtime? We're on CentOS 7.x.
- Could we just download the tar.gz file,
An increasing number of sites are supporting HTTP 2.0, which manifests very differently from HTTP 1.* traffic. This analyzer adds an http2 log as well as intel framework extensions. Because it is an analyzer, it requires access to the compiled source of Bro to be compiled itself, as opposed to a regular Bro script.
https://github.com/MITRECND/bro-http2
As the http2 analyzer documentation states
Description
When we have an automatic email reports configuration and there are no alerts to be reported that day (e.g. the rule or group of rules that we have configured in reports have not triggered during the day), the report will not be sent.
This is not good behavior because it can lead the user to think that the automatic reports are not working.
Let's also say that I have to sen
Hi team,
I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
It is because the fields providerName and channel aren't correct.
To match rules 63103, 63104 and 63105, the logs must have matched before rules `60
Another problem with this function is that it doesn't detect the other ways to write hexadecimal literals in MySQL server. Reading the documentation [1], we see other ways to do it:
SELECT X'4D7953514C'
SELECT x'0a'+0
Good luck
[1] https://dev.mysql.com/doc/refman/5.7/en/hexadecimal-literals.html
Should document how to run the tests.
| Wazuh | Elastic | Rev |
|---|---|---|
| 3.10 | 7.x | --- |
Description
Letters will move around as you hover over items in the Kibana App using Firefox.
This is most notable in the Management tab and when the window size is somewhat small.
Steps to reproduce
With Firefox
- Go to Management
- Hover over the different dashboard buttons
- Resize browser win
Hello folks,
I think it'd be great if every ENV VAR used in the images would be explained in the README.md, and also it can be included in the Wazuh official documentation once they're ready.
Feel free to share your thoughts on this here.
Regards
Hello team!
According to https://www.elastic.co/guide/en/elasticsearch/reference/7.2/security-api-put-user.html it's possible to manage Elastic users by using API like the following example:
curl -X POST "localhost:9200/_security/user/jacknich" -H 'Content-Type: application/json' -d'
Elastic tasks can be enhanced by allowing to create users and manage their attributes and pas
ipcipher is described here:
https://powerdns.org/ipcipher/
This feature would be a global configuration option that causes all IP addresses (v4 and v6) to be encrypted using ipcipher before logging. Note that this would be for all "built-in" logging, and 'default' policy logging, but would not prevent people from using the custom logging functions to log unencrypted IP addresses. The encrypted
The section referring to the hotfixes option, "This option is enabled by default but no included in the initial configuration.", is misspelt (no -> not).
Documentation link: https://documentation.wazuh.com/3.12/user-manual/reference/ossec-conf/wodle-syscollector.html#hotfixes
Document: https://osquery.io/schema/4.2.0
Table: md_devices [Software RAID array settings]
Columns:
4.check_array_progress | TEXT | Progress of the resync activity
5.check_array_finish | TEXT | Estimated dur