Miguel Angel Cazajous
Miguel Angel Cazajous
Update: - Legacy tests not showing coverage for 5.x. I'll be fixing that to report the same as in 4.x - Restore/create vulnerability scanner workflow for coding style, documentation, UTs,...
I would say that it is expected for the path field, since that information is not always available, but in the case of Windows the installed date should be always...
```console sqlite3 /var/lib/rancher/k3s/storage/pvc-2bdd6ca3-ebef-4a96-b3bd-40ecc148268b_xdr_xdr-wazuh-manager-worker-xdr-wazuh-manager-worker-0/wazuh/var/ossec/queue/db/002.db 'select name,format,install_time,location from sys_programs' --line name = PowerShell 7-x64 format = win install_time = 2025/10/31 00:34:35 location = name = PowerShell 7.5.4.0-x64 format = win install_time =...
What I mean is that the path (or location in db) is not available or couldn't be requested, is that ok? probably not, but it is not related to the...
Could you repeat the query for your macOS agents, please?
So, to summarize, I reported the path issue to the team, but I'll personally investigate that disparity with the osquery report, and also take a look at the install time....
Expand ```console sqlite3 /var/lib/rancher/k3s/storage/pvc-2bdd6ca3-ebef-4a96-b3bd-40ecc148268b_xdr_xdr-wazuh-manager-worker-xdr-wazuh-manager-worker-0/wazuh/var/ossec/queue/db/005.db 'select name,format,install_time,location from sys_programs' --line name = PIPAgent format = pkg install_time = location = /System/Library/CoreServices/PIPAgent.app/Contents/Info.plist name = itsdangerous format = pypi install_time = location =...
The issue is due to this helper function that coverts epoch to ISO, that's why some MacOS are properly converted, because some of them use the epoch format. https://github.com/wazuh/wazuh/blob/2dc04435e7c52274bb429022e7c2d5010b8349dd/src/shared_modules/utils/timeHelper.h#L173 We're...
Please share you package inventory, https://documentation.wazuh.com/current/user-manual/api/reference.html#tag/Syscollector/operation/api.controllers.syscollector_controller.get_packages_info What I'm seeing there is that the vulnerabilities reported are related to the python packages not installed through the OL8 package manager. That's why...
> I could see that the problem is that the package is recognized twice Yeap, I asked for the agent version used because that was treated in previous versions. I...