wazuh-reportd
The wazuh-reportd program creates reports from ThreatLockDown alerts. It accepts alerts on stdin and outputs a report on stderr.
Note
Since the wazuh-reportd daemon outputs to stderr, some utilities like less will not work if the output is not redirected. To do this, end the wazuh-reportd command with 2>&1 to redirect stderr to stdout. Following this redirect, more or less can be used with ease.
-D <dir> | Chroot to <dir>.
-d | Run in debug mode. This option may be repeated to increase the verbosity of the debug messages.
-f <filter> <value> | Filter the results. Allowed values: group, rule, level, location, user, srcip, filename.
-g <group> | Group to run as (default: wazuh).
-h | Display the help message.
-n <string> | Create a description for the report.
-r <filter> <value> | Show related entries.
-s | Show the alerts related to the summary.
-t | Test configuration.
-u <user> | User to run as (default: wazuh).
-V | Display the version and license information.
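
The following wrapper is an added example, not part of the original page or the project's own code. It combines the stderr redirect from the Note with the -f filter names listed above. The function names and the REPORTD variable are hypothetical, and the sample source IP in the comment is constructed.

```shell
#!/bin/sh
# Added example: wrapper around wazuh-reportd (helper names are hypothetical).
# REPORTD is an assumption: set it to the full path of the binary on your system.
REPORTD="${REPORTD:-wazuh-reportd}"

# Return 0 if $1 is one of the filter names listed for -f on this page.
is_reportd_filter() {
    case "$1" in
        group|rule|level|location|user|srcip|filename) return 0 ;;
        *) return 1 ;;
    esac
}

# filtered_report <alerts-file> <filter> <value>
# Feeds the alerts file to wazuh-reportd on stdin and merges the report,
# which the program writes to stderr, into stdout so it can be piped or paged.
filtered_report() {
    alerts_file=$1
    filter=$2
    value=$3
    if ! is_reportd_filter "$filter"; then
        echo "unsupported filter: $filter" >&2
        return 2
    fi
    if [ ! -r "$alerts_file" ]; then
        echo "cannot read alerts file: $alerts_file" >&2
        return 3
    fi
    # 2>&1 sends the report (stderr) to wherever stdout currently points.
    "$REPORTD" -f "$filter" "$value" < "$alerts_file" 2>&1
}

# Typical use (the alerts path is a placeholder, the IP is a constructed value):
#   filtered_report /path/to/alerts.log srcip 192.0.2.10 | less
```

Rejecting unknown filter names before the call keeps a typo from producing an empty or misleading report in a scheduled job.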