[Bug] Wazuh responder problem with analyzer #1243

Open
romarito90 opened this issue Jan 26, 2024 · 0 comments

@romarito90

Hello everyone, I'm trying to fix the problem in the Wazuh responder.

How can I get the data from an artifact or observable in a case?

I created a new observable "agent_id"; it is visible in my list of observables in the case in TheHive.

[image]

How can I get the data from that field and pass it to the payload to run the command firewalldrop?

[image]

[image]

If I run the command like above, it works.

[image]

When I change the code to the following, the analyzer failed.

[image]

[image]

What command or code do I need to get the data from that field "agent_id", in this case 12079?

Work environment

  • Client OS: Windows 11
  • Browser type and version: Firefox
  • Cortex version: 3.1.7
  • Cortex Analyzer/Responder name: Wazuh 1.0
@jeromeleonard jeromeleonard modified the milestones: 3.3.6, 3.3.7 Feb 12, 2024