wazuh-dashboard icon indicating copy to clipboard operation
wazuh-dashboard copied to clipboard

Published 20 hours ago verified publisher icon wazuh

Vulnerability detector module not showing any events after initial scan

Open GGP1 opened this issue 1 year ago • 1 comments

Describe the bug

The Vulnerability Detection module is not showing any alerts in the Events tab after the baseline scan.

According to the team, this is expected because the baseline scan goes to the wazuh-states-vulnerabilities index (used in Dashboard and Inventory) and the vulnerability detector alerts go to wazuh-events-* indices (used in Events).

However, I do think we should consider including the alerts generated in the initial scan in the list to be consistent with the ones generated by the vulnerability detector on subsequent scans.

To Reproduce

Steps to reproduce the behavior:

  1. Setup an all-in-one manager
  2. Add a linux agent
  3. Go to the Vulnerability Detection module
  4. See the alerts generated
  5. Go to the Events tab
  6. See "No results match your search criteria" message

Expected behavior The Events tab shows the list of events generated during the baseline scan.

Screenshots

Images

ubuntu_2 ubuntu_3 ubuntu_4

Host/Environment (please complete the following information):

  • OS: Ubuntu 22.04
  • Browser and version [e.g. 22]: Firefox 121.0.1

GGP1 avatar Mar 14 '24 19:03 GGP1

This is not an issue with the dashboard, the change is related to the expected behaviour of the new VD (see comment)

sebasfalcone avatar Mar 18 '24 10:03 sebasfalcone