- Enable the Vulnerability Detector module by modifying the Wazuh server configuration file at /var/ossec/etc/ossec.conf.
Set the value for the <enabled> tag to yes for the Vulnerability Detector module and for every operating system you intend to scan.
Add the following Vulnerability Detector block to the configuration file:
<vulnerability-detector>
  <enabled>yes</enabled>
  <interval>5m</interval>
  <min_full_scan_interval>6h</min_full_scan_interval>
  <run_on_start>yes</run_on_start>
  <!-- Ubuntu OS vulnerabilities -->
  <provider name="canonical">
    <enabled>yes</enabled>
    <os>trusty</os>
    <os>xenial</os>
    <os>bionic</os>
    <os>focal</os>
    <os>jammy</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Debian OS vulnerabilities -->
  <provider name="debian">
    <enabled>yes</enabled>
    <os>buster</os>
    <os>bullseye</os>
    <os>bookworm</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- RedHat OS vulnerabilities -->
  <provider name="redhat">
    <enabled>yes</enabled>
    <os>5</os>
    <os>6</os>
    <os>7</os>
    <os>8</os>
    <os>9</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Amazon Linux OS vulnerabilities -->
  <provider name="alas">
    <enabled>yes</enabled>
    <os>amazon-linux</os>
    <os>amazon-linux-2</os>
    <os>amazon-linux-2022</os>
    <os>amazon-linux-2023</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- SUSE OS vulnerabilities -->
  <provider name="suse">
    <enabled>yes</enabled>
    <os>11-server</os>
    <os>11-desktop</os>
    <os>12-server</os>
    <os>12-desktop</os>
    <os>15-server</os>
    <os>15-desktop</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Arch OS vulnerabilities -->
  <provider name="arch">
    <enabled>yes</enabled>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Alma Linux OS vulnerabilities -->
  <provider name="almalinux">
    <enabled>yes</enabled>
    <os>8</os>
    <os>9</os>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Windows OS vulnerabilities -->
  <provider name="msu">
    <enabled>yes</enabled>
    <update_interval>1h</update_interval>
  </provider>
  <!-- Aggregate vulnerabilities -->
  <provider name="nvd">
    <enabled>yes</enabled>
    <update_interval>1h</update_interval>
  </provider>
</vulnerability-detector>
On the Wazuh server, these changes are made in the ossec.conf file.
Once the module is enabled, the server starts downloading the vulnerability databases for every configured operating system.
Running vulnerability scans in Wazuh requires enabling the Vulnerability Detector module and setting the configuration for the scan.
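Before restarting the manager it is worth checking that the block above actually enables what you think it does. The following script is an added example, not part of Wazuh or of the original page: it parses the vulnerability-detector block out of an ossec.conf, and reports the module being disabled, enabled providers that list no <os>, feed update intervals longer than a day, and a min_full_scan_interval shorter than interval. The sample configuration embedded below is constructed for this example (it deliberately contains two mistakes), and the set of providers that need no <os> list is taken from the block above; the interval rules are this script's own assumptions, not Wazuh's.

```python
"""Sanity-check the Vulnerability Detector block of a Wazuh ossec.conf.

Added example, not Wazuh's own code. Parses the <vulnerability-detector>
block and returns a list of findings; an empty list means the block looks
sane under the (assumed) rules below.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample with two deliberate problems: the module itself is
# disabled, and the redhat provider is enabled but lists no <os>.
SAMPLE_CONF = """<ossec_config>
  <vulnerability-detector>
    <enabled>no</enabled>
    <interval>5m</interval>
    <min_full_scan_interval>6h</min_full_scan_interval>
    <run_on_start>yes</run_on_start>
    <provider name="canonical">
      <enabled>yes</enabled>
      <os>focal</os>
      <os>jammy</os>
      <update_interval>1h</update_interval>
    </provider>
    <provider name="redhat">
      <enabled>yes</enabled>
      <update_interval>1h</update_interval>
    </provider>
    <provider name="nvd">
      <enabled>yes</enabled>
      <update_interval>1h</update_interval>
    </provider>
  </vulnerability-detector>
</ossec_config>"""

# Providers that carry no <os> list in the configuration shown on the page
# (assumption: arch, msu and nvd only have <enabled> and <update_interval>).
PROVIDERS_WITHOUT_OS = {"arch", "msu", "nvd"}

_DURATION = re.compile(r"^(\d+)([smhd])$")
_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_duration(text):
    """Convert a Wazuh-style duration such as 5m, 6h or 1d into seconds."""
    m = _DURATION.match(text.strip())
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return int(m.group(1)) * _SECONDS[m.group(2)]


def check_vulnerability_detector(conf_xml):
    """Return a list of findings for the first <vulnerability-detector> block."""
    # A real ossec.conf may hold several top-level <ossec_config> elements,
    # which is not a single well-formed XML document; wrapping the text in
    # a synthetic root lets ElementTree accept it anyway.
    root = ET.fromstring("<wrapper>" + conf_xml + "</wrapper>")
    vd = root.find(".//vulnerability-detector")
    if vd is None:
        return ["no <vulnerability-detector> block found"]

    findings = []
    if (vd.findtext("enabled") or "no").strip() != "yes":
        findings.append("module <enabled> is not 'yes'; no scans will run")

    # Assumed defaults (5m / 6h) mirror the values used on the page.
    interval = parse_duration(vd.findtext("interval") or "5m")
    full_scan = parse_duration(vd.findtext("min_full_scan_interval") or "6h")
    if full_scan < interval:
        findings.append("min_full_scan_interval is shorter than interval")

    enabled_providers = 0
    for provider in vd.findall("provider"):
        name = provider.get("name", "?")
        if (provider.findtext("enabled") or "no").strip() != "yes":
            continue
        enabled_providers += 1
        if name not in PROVIDERS_WITHOUT_OS and not provider.findall("os"):
            findings.append(f"provider {name!r} is enabled but lists no <os>")
        update = provider.findtext("update_interval")
        if update and parse_duration(update) > 86400:
            findings.append(f"provider {name!r} refreshes its feed less than daily")

    if enabled_providers == 0:
        findings.append("no provider is enabled; there is no feed to match against")
    return findings


def load_and_check(path):
    """Check an ossec.conf on disk, e.g. /var/ossec/etc/ossec.conf."""
    with open(path, encoding="utf-8") as fh:
        return check_vulnerability_detector(fh.read())


if __name__ == "__main__":
    for finding in check_vulnerability_detector(SAMPLE_CONF) or ["OK"]:
        print(finding)
```

Run it against the live file with load_and_check("/var/ossec/etc/ossec.conf") after editing and before restarting the manager; an empty result means every enabled provider has something to scan and the feeds will be refreshed at a reasonable cadence.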
Adjust this configuration according to the screenshot above; the same configuration is present on both the agent and the server side, in agent.conf.
When we open the Wazuh server dashboard, it shows all the vulnerabilities found after scanning the OS.
A graphical view shows all vulnerabilities together with the number of vulnerabilities per severity level.
Clicking a critical vulnerability lets us analyse it in detail.
We have also analysed Windows 11, which has
CVE (Common Vulnerabilities and Exposures) does not cover only malicious software; outdated software present on the system is also considered a CVE.
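The severity breakdown the dashboard draws can be reproduced from the raw alerts, which is useful when you want to track outdated packages per host outside the UI. The script below is an added example, not Wazuh's own code or part of the original page. It reads alerts in the JSON-lines form that the manager writes to /var/ossec/logs/alerts/alerts.json, keeps only those in the vulnerability-detector rule group, skips alerts whose status is Solved unless asked otherwise, and counts the remainder by severity and by (agent, package, version). The alert layout assumed here (data.vulnerability with cve, severity, status and package fields) is an assumption about the Wazuh alert format; the sample alerts, agent names, package names and CVE-0000-NNNN identifiers are constructed placeholders.

```python
"""Summarise Wazuh Vulnerability Detector alerts by severity and package.

Added example, not Wazuh's own code. Field names under data.vulnerability
are an assumption about the alert layout; the sample alerts are constructed.
"""
import json
from collections import Counter, defaultdict

SEVERITY_ORDER = ["Critical", "High", "Medium", "Low", "Untriaged"]


def _vuln_alert(agent, cve, severity, status, pkg, version):
    """Build one constructed vulnerability-detector alert (helper for the sample)."""
    return {
        "agent": {"name": agent},
        "rule": {"groups": ["vulnerability-detector"]},
        "data": {"vulnerability": {
            "cve": cve, "severity": severity, "status": status,
            "package": {"name": pkg, "version": version},
        }},
    }


# Constructed sample: three active findings, one already solved, one
# unrelated authentication-failure alert and one malformed line.
SAMPLE_ALERTS = "\n".join([
    json.dumps(_vuln_alert("web-01", "CVE-0000-0001", "Critical", "Active", "openssl", "1.1.1")),
    json.dumps(_vuln_alert("web-01", "CVE-0000-0002", "High", "Active", "openssl", "1.1.1")),
    json.dumps(_vuln_alert("win-11", "CVE-0000-0003", "Medium", "Active", "Example Browser", "100.0")),
    json.dumps(_vuln_alert("web-01", "CVE-0000-0004", "Critical", "Solved", "curl", "7.0")),
    json.dumps({"agent": {"name": "web-01"},
                "rule": {"groups": ["syslog", "sshd", "authentication_failed"]},
                "data": {"srcuser": "root"}}),
    "this line is not JSON",
])


def iter_vulnerability_alerts(text):
    """Yield parsed alerts that belong to the vulnerability-detector group."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # alerts.json is append-only; a torn last line is common
        groups = alert.get("rule", {}).get("groups", [])
        if "vulnerability-detector" in groups and "vulnerability" in alert.get("data", {}):
            yield alert


def summarise(text, include_solved=False):
    """Return (counts by severity, {(agent, package, version): set of CVEs})."""
    by_severity = Counter()
    by_package = defaultdict(set)
    for alert in iter_vulnerability_alerts(text):
        vuln = alert["data"]["vulnerability"]
        if not include_solved and vuln.get("status") == "Solved":
            continue
        by_severity[vuln.get("severity", "Untriaged")] += 1
        pkg = vuln.get("package", {})
        key = (alert["agent"]["name"], pkg.get("name"), pkg.get("version"))
        by_package[key].add(vuln["cve"])
    return by_severity, dict(by_package)


def render(by_severity, by_package):
    """Format the summary as the text table a shift handover would use."""
    lines = ["Severity   Count"]
    for sev in SEVERITY_ORDER:
        if by_severity.get(sev):
            lines.append(f"{sev:<10} {by_severity[sev]}")
    lines.append("")
    lines.append("Agent      Package            Version   CVEs")
    for (agent, pkg, ver), cves in sorted(by_package.items()):
        lines.append(f"{agent:<10} {pkg:<18} {ver:<9} {', '.join(sorted(cves))}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(*summarise(SAMPLE_ALERTS)))
```

Pass include_solved=True to see findings that the detector has already marked Solved, for instance to confirm that a patch cycle actually cleared them; the default view matches what the dashboard's active-vulnerability counts show.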
We can navigate to MITRE ATT&CK.
We can view Security Events, such as any authentication failure.