This is the documentation for Wazuh 3.3. Check out the docs for the latest version of Wazuh!

FAQ

  1. Can I use a custom script for active responses?
  2. Can I configure active responses for only one host?
  3. Can an active response remove the action after a period of time?

Can I use a custom script for active responses?

Yes. You can create your own script and configure a command and active response to refer to it.

Can I configure active responses for only one host?

Yes, using the location option. More information: Active Response options

Can an active response remove the action after a period of time?

Yes, using the <timeout_allowed> tag on the command and the <timeout> tag on the active response. More information: Example
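The three answers above combine into a single `ossec.conf` fragment on the manager. This is an added example, not taken from the Wazuh documentation; the script name `custom-block.sh`, rule ID `100100` and agent ID `007` are hypothetical placeholders.

```xml
<!-- Added example for ossec.conf on the Wazuh manager. -->
<!-- Hypothetical values: custom-block.sh, rule ID 100100, agent ID 007. -->

<command>
  <name>custom-block</name>
  <!-- Custom script, placed in the active-response/bin directory of the installation -->
  <executable>custom-block.sh</executable>
  <!-- Field from the alert that the script needs in order to act -->
  <expect>srcip</expect>
  <!-- Allow the action to be reverted after a timeout -->
  <timeout_allowed>yes</timeout_allowed>
</command>

<active-response>
  <!-- Must match the <name> of the command above -->
  <command>custom-block</command>
  <!-- Restrict the response to one host: defined-agent plus that agent's ID -->
  <location>defined-agent</location>
  <agent_id>007</agent_id>
  <!-- Rule whose alerts trigger the response -->
  <rules_id>100100</rules_id>
  <!-- Seconds before the action is reverted; requires timeout_allowed above -->
  <timeout>600</timeout>
</active-response>
```

The script has to be present and executable on the agent where the response runs. When the timeout expires it is invoked a second time with `delete` instead of `add` as its first argument, so a custom script must implement both branches or the action will never be undone.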