{"id":2185,"date":"2022-09-06T09:42:23","date_gmt":"2022-09-06T13:42:23","guid":{"rendered":"https:\/\/increasec.com\/?p=2185"},"modified":"2022-09-06T09:42:25","modified_gmt":"2022-09-06T13:42:25","slug":"event-logging-group-policy-for-wazuh-or-alienvault","status":"publish","type":"post","link":"https:\/\/increasec.com\/?p=2185","title":{"rendered":"Event Logging Group Policy for Wazuh or AlienVault"},"content":{"rendered":"\n<p>Do NOT turn on Audit Privilege Use = FAILURE  or you will Denial of Service yourself with the flood of useless events.  Chrome.exe creates multiple events per minute while working properly.  <\/p>\n\n\n\n<p>I filled a 200GB Wazuh DB before figuring this out, and had to rebuild Wazuh.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"756\" height=\"414\" src=\"https:\/\/increasec.com\/wp-content\/uploads\/2022\/09\/image.png\" alt=\"\" class=\"wp-image-2186\" srcset=\"https:\/\/increasec.com\/wp-content\/uploads\/2022\/09\/image.png 756w, https:\/\/increasec.com\/wp-content\/uploads\/2022\/09\/image-300x164.png 300w\" sizes=\"auto, (max-width: 756px) 100vw, 756px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Do NOT turn on Audit Privilege Use = FAILURE or you will Denial of Service yourself with the flood of useless events. Chrome.exe creates multiple events per minute while working&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[21],"class_list":["post-2185","post","type-post","status-publish","format-standard","hentry","category-uncategorised","tag-windows"],"_links":{"self":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2185","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2185"}],"version-history":[{"count":1,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2185\/revisions"}],"predecessor-version":[{"id":2187,"href":"https:\/\/increasec.com\/index.php?rest_route=\/wp\/v2\/posts\/2185\/revisions\/2187"}],"wp:attachment":[{"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2185"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2185"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/increasec.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2185"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}