This is the documentation for Wazuh 3.3. Check out the docs for the latest version of Wazuh!

Edit on GitHub

FAQ¶

Can I use a custom script for active responses?
Can I configure active responses for only one host?
Can an active response remove the action after a period of time?

Can I use a custom script for active responses?¶

Yes. You can create your own script and configure a command and active response to refer to it.

Can I configure active responses for only one host?¶

Yes, using the location option. More information: Active Response options

Can an active response remove the action after a period of time?¶

Yes, using the <timeout_allowed> tag on the command and the <timeout> tag on the active response. More information: Example