Recently I found that installing the Wazuh agent on a new host does not show security events except vulnerability scans, CIS and SCA. I can't see logs from event channels like Application, Security and System.
Hi,
Correct. If you are looking for raw data, Wazuh by default does not provide that. It's a Winlogbeat job, that's why we recommend using both of those agents if you want to have the full spectrum of data and analysis. I've covered more about that in this post: https://community.energylogserver.com/d/89-difference-between-collecting-logs-with-winlogbeat-and-wazuh
Let me know if you'll have more questions I can answer. 🙂
SzymonC
If I'm using Sysmon, not Winlogbeat, is that possible?
Not sure if I understood you correctly, but if you're looking for an agentless approach for Windows, then we're looking at Windows WEF and WEC. Since agentless in Windows isn't as simple as syslog for Linux, we've developed a dedicated advanced connector for that (so it's not by default in Energy Logserver). Here are the details: https://eventcollector.com/