Couldn't find /var/ossec

I was trying to integrate VirusTotal with Wazuh and it said I have to modify ossec.conf. But I couldn’t find the /var/ossec directory. When I used “find” to find it, it showed a bunch of directories that are inside /var/lib/docker. So which one of these should I modify?

Hello @Darkimoo. You can edit the configuration file located at t-guard/wazuh/config/wazuh_cluster/wazuh_manager.conf, which will be linked to ossec.conf inside the Docker container. #cmiiw


Thanks for replying. What about this file?
/var/ossec/etc/rules/local_rules.xml

I modified the /t-guard/wazuh/custom-integrations/local_rules but I don’t think the VirusTotal API is working.

Hello @Darkimoo. You can try adding VirusTotal to the iris security group. It worked for me.