Recently I found that installation of wazuh agent on a new host does not show security events except vulnerability scans, CIS and SCA. I can't see logs from eventchannels like Application, Security and System.
Hi,
Correct. If you are looking for raw data, Wazuh by default does not provide that. It's a winlogbeat job, that's why we recommend using both of those agents if you want to have full spectrum of data and analysis. I've covered more about that in this post: https://community.energylogserver.com/d/89-difference-between-collecting-logs-with-winlogbeat-and-wazuh
Let me know if you'll have more questions I can answer. 🙂
