rule_test
This section describes how to configure the Wazuh-Logtest solution, which allows rules and decoders to be tested from the ThreatLockDown API and the wazuh-logtest tool.
Options
enabled
Enables the module.
| Default value | yes |
| Allowed values | yes/no |
threads
Number of Wazuh-Logtest solution threads.
| Default value | 1 |
| Allowed values | A number between 1 and 128, or auto to create one thread per CPU |
max_sessions
Maximum number of users connected simultaneously.
| Default value | 1 |
| Allowed values | A number between 1 and 500 |
session_timeout
Time required to delete a session and its resources after the last user interaction.
| Default value | 15m |
| Allowed values | A number representing seconds, or a number followed by a suffix character indicating a time unit, such as s (seconds), m (minutes), h (hours). The maximum value is 365 days |
Default configuration
<rule_test>
  <enabled>yes</enabled>
  <threads>1</threads>
  <max_sessions>64</max_sessions>
  <session_timeout>15m</session_timeout>
</rule_test>
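
An added example, not part of the Wazuh or ThreatLockDown code: a Python check that lints a rule_test block against the allowed values listed above before the configuration is deployed. The function names are hypothetical, and rejecting options that this page does not list is an assumption.

```python
import re
import xml.etree.ElementTree as ET

MAX_TIMEOUT_S = 365 * 24 * 3600                      # "max value is 365 days"
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600}   # a bare number means seconds
KNOWN = {"enabled", "threads", "max_sessions", "session_timeout"}  # options on this page

def in_range(value, low, high):
    """True if value is a plain decimal integer within [low, high]."""
    return bool(re.fullmatch(r"[0-9]+", value)) and low <= int(value) <= high

def timeout_seconds(value):
    """Convert '900', '900s', '15m' or '2h' to seconds; None if malformed."""
    m = re.fullmatch(r"([0-9]+)([smh]?)", value)
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None

def check_rule_test(xml_text):
    """Return a list of problems found in a <rule_test> block (empty means valid)."""
    root = ET.fromstring(xml_text)
    if root.tag != "rule_test":
        return ["root element is not <rule_test>"]
    opts = {child.tag: (child.text or "").strip() for child in root}
    problems = [f"unknown option <{n}>" for n in sorted(set(opts) - KNOWN)]  # assumption
    if "enabled" in opts and opts["enabled"] not in ("yes", "no"):
        problems.append("enabled must be yes or no")
    t = opts.get("threads")
    if t is not None and t != "auto" and not in_range(t, 1, 128):
        problems.append("threads must be 1-128 or auto")
    s = opts.get("max_sessions")
    if s is not None and not in_range(s, 1, 500):
        problems.append("max_sessions must be 1-500")
    if "session_timeout" in opts:
        secs = timeout_seconds(opts["session_timeout"])
        if secs is None:
            problems.append("session_timeout must be a number with optional s/m/h suffix")
        elif secs > MAX_TIMEOUT_S:
            problems.append("session_timeout exceeds 365 days")
    return problems

# Constructed sample inputs: the default block from this page and a deliberately invalid one.
DEFAULT = """<rule_test><enabled>yes</enabled><threads>1</threads>
<max_sessions>64</max_sessions><session_timeout>15m</session_timeout></rule_test>"""
BROKEN = """<rule_test><enabled>true</enabled><threads>256</threads>
<max_sessions>0</max_sessions><session_timeout>9000h</session_timeout></rule_test>"""

if __name__ == "__main__":
    print(check_rule_test(DEFAULT))
    print(check_rule_test(BROKEN))
```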