wazuh-docker

updating vulnerability feed

Open actionhenkt opened this issue 2 years ago • 1 comments

Hello, sorry to post it here, but I don't know where else I should post questions. I'm trying to set up vulnerability detection using the Docker version of Wazuh manager. Every time I enable vulnerability detection in the manager it seems to disable itself after some time. I'm not seeing any vulnerability scans being executed and have no results. I think I need to update the feeds on the manager, but how do I execute a feed sync/download from the manager?

actionhenkt, Jun 04 '22 08:06

Hello @actionhenkt

Can you tell me how you are activating Vulnerability Detector? Depending on what type of deployment you are doing, you will have to modify 1 or 2 files to do it, since you must activate it in the single ossec.conf (single-node/config/wazuh_cluster/wazuh_manager.conf) of the single-node deployment, or in the ossec.conf of the master (multi-node/config/wazuh_cluster/wazuh_manager.conf) and worker (multi-node/config/wazuh_cluster/wazuh_worker.conf) nodes of the multi-node deployment. To activate it you must modify the following tag:

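<vulnerability-detector>
  <enabled>yes</enabled>
  <interval>5m</interval>
  <min_full_scan_interval>6h</min_full_scan_interval>
  <run_on_start>yes</run_on_start>
  <!-- the rest of the existing block (for example the provider entries) stays unchanged -->
</vulnerability-detector>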

Remember that you can modify the execution interval according to your needs.

After making the change to <enabled>yes</enabled> you need to restart the Wazuh manager service for the change to take effect. You can run this inside the container with the command service wazuh-manager restart, or restart the container directly with the command docker restart <name-of-container> or docker-compose restart <name-of-container>.

vcerenu, Jun 07 '22 19:06
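A way to check the host-side config files named in the reply above before restarting, as an added example that is not part of the original thread or of the Wazuh project's code: it parses each file and reports any where the vulnerability-detector block is missing or not set to yes. The function names and the sample configs are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

KEYS = ("enabled", "interval", "min_full_scan_interval", "run_on_start")

# Constructed sample configs (not taken from a real deployment).
SAMPLE_MASTER = """
<ossec_config>
  <vulnerability-detector>
    <enabled>yes</enabled>
    <interval>5m</interval>
    <min_full_scan_interval>6h</min_full_scan_interval>
    <run_on_start>yes</run_on_start>
  </vulnerability-detector>
</ossec_config>
<ossec_config>
  <!-- a second root block; manager configs can contain more than one -->
</ossec_config>
"""
SAMPLE_WORKER = SAMPLE_MASTER.replace("<enabled>yes", "<enabled>no")


def vuln_detector_settings(conf_text):
    """Return one dict of settings per <vulnerability-detector> block."""
    # Several <ossec_config> roots do not form a well-formed XML document,
    # so the text is parsed inside a synthetic wrapper element.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    return [{k: (b.findtext(k) or "").strip() for k in KEYS}
            for b in root.iter("vulnerability-detector")]


def check_deployment(configs):
    """configs maps file path -> file text; returns a list of findings."""
    findings = []
    for path, text in configs.items():
        blocks = vuln_detector_settings(text)
        if not blocks:
            findings.append(f"{path}: no <vulnerability-detector> block")
        for b in blocks:
            if b["enabled"] != "yes":
                findings.append(f"{path}: enabled={b['enabled'] or 'unset'}")
    return findings


if __name__ == "__main__":
    # Pass the host-side config paths as arguments; with no arguments the
    # constructed samples above are checked instead.
    configs = {p: open(p, encoding="utf-8").read() for p in sys.argv[1:]} or {
        "multi-node/config/wazuh_cluster/wazuh_manager.conf": SAMPLE_MASTER,
        "multi-node/config/wazuh_cluster/wazuh_worker.conf": SAMPLE_WORKER,
    }
    for line in check_deployment(configs) or ["enabled in all files"]:
        print(line)
```

With the constructed samples it flags only the worker file, the case where the master was edited but the worker was not.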

I proceed to close this issue due to inactivity. Please don't hesitate to re-open if necessary.

alberpilot, Aug 23 '22 08:08