---
wazuh_managers:
  - address: 127.0.0.1
    port: 1514
    protocol: tcp
    api_port: 55000
    api_proto: 'http'
    api_user: null
wazuh_profile: null
wazuh_auto_restart: 'yes'
wazuh_agent_authd:
  enable: false
  port: 1515
  ssl_agent_ca: null
  ssl_agent_cert: null
  ssl_agent_key: null
  ssl_auto_negotiate: 'no'
wazuh_notify_time: null
wazuh_time_reconnect: null
wazuh_winagent_config:
  install_dir: 'C:\wazuh-agent\'
  version: '3.7.0'
  revision: '1'
  repo: https://packages.wazuh.com/3.x/windows/
  md5: 43936e7bc7eb51bd186f47dac4a6f477
wazuh_agent_config:
  active_response_disabled: 'no'
  log_format: 'plain'
  syscheck:
    frequency: 43200
    scan_on_start: 'yes'
    auto_ignore: 'no'
    alert_new_files: 'yes'
    ignore:
      - /etc/mtab
      - /etc/mnttab
      - /etc/hosts.deny
      - /etc/mail/statistics
      - /etc/random-seed
      - /etc/random.seed
      - /etc/adjtime
      - /etc/httpd/logs
      - /etc/utmpx
      - /etc/wtmpx
      - /etc/cups/certs
      - /etc/dumpdates
      - /etc/svc/volatile
    no_diff:
      - /etc/ssl/private.key
    directories:
      - dirs: /etc,/usr/bin,/usr/sbin
        checks: 'check_all="yes"'
      - dirs: /bin,/sbin
        checks: 'check_all="yes"'
    windows_registry:
      - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile'
        arch: 'both'
      - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder'
  rootcheck:
    frequency: 43200
  openscap:
    disable: 'yes'
    timeout: 1800
    interval: '1d'
    scan_on_start: 'yes'
  cis_cat:
    disable: 'yes'
    install_java: 'yes'
    timeout: 1800
    interval: '1d'
    scan_on_start: 'yes'
    java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin'
    ciscat_path: '/var/ossec/wodles/ciscat'
    content:
      - type: 'xccdf'
        path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml'
        profile: 'xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server'
  vuls:
    disable: 'yes'
    interval: '1d'
    run_on_start: 'yes'
    args:
      - 'mincvss 5'
      - 'antiquity-limit 20'
      - 'updatenvd'
      - 'nvd-year 2016'
      - 'autoupdate'
  localfiles:
    - format: 'syslog'
      location: '/var/log/messages'
    - format: 'syslog'
      location: '/var/log/secure'
    - format: 'command'
      command: 'df -P'
      frequency: '360'
    - format: 'full_command'
      command: 'netstat -tln | grep -v 127.0.0.1 | sort'
      frequency: '360'
    - format: 'full_command'
      command: 'last -n 20'
      frequency: '360'