rule_test

This section describes how to configure the Wazuh-Logtest solution, which lets you test rules and decoders from the ThreatLockDown API and the wazuh-logtest tool.

Options

enabled

Enables the module.

Default value

yes

Allowed values

yes/no

threads

Number of Wazuh-Logtest solution threads.

Default value

1

Allowed values

A number between 1 and 128, or auto to create one thread per CPU

max_sessions

Maximum number of users connected simultaneously.

Default value

1

Allowed values

A number between 1 and 500

session_timeout

Time required to delete a session and its resources after the last user interaction.

Default value

15m

Allowed values

A number representing seconds, or a number with a suffix character indicating a time unit, such as s (seconds), m (minutes), h (hours). The maximum value is 365 days

Default configuration

<rule_test>
    <enabled>yes</enabled>
    <threads>1</threads>
    <max_sessions>64</max_sessions>
    <session_timeout>15m</session_timeout>
</rule_test>
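
The following checker is an added example, not part of the Wazuh tooling: it validates a rule_test block against the allowed values listed above before the configuration is deployed. The function names and the second sample block are constructed for illustration, and it assumes only the time suffixes named on this page (s, m, h).

```python
import re
import xml.etree.ElementTree as ET

MAX_TIMEOUT_S = 365 * 24 * 3600  # "The max value is 365 days"
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600}  # assumption: page's suffixes only

# The page's default block, plus a constructed block that breaks every limit.
DEFAULT_BLOCK = """<rule_test>
    <enabled>yes</enabled>
    <threads>1</threads>
    <max_sessions>64</max_sessions>
    <session_timeout>15m</session_timeout>
</rule_test>"""
BAD_BLOCK = ("<rule_test><enabled>true</enabled><threads>256</threads>"
             "<max_sessions>501</max_sessions>"
             "<session_timeout>8761h</session_timeout></rule_test>")

def timeout_seconds(value):
    """Convert a session_timeout value to seconds; None if it is malformed."""
    m = re.fullmatch(r"([0-9]+)([smh]?)", value)
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None

def in_range(value, low, high):
    """True if value is a plain decimal integer within [low, high]."""
    return re.fullmatch(r"[0-9]+", value) is not None and low <= int(value) <= high

def check_rule_test(xml_text):
    """Return the list of out-of-range options in a <rule_test> block."""
    root = ET.fromstring(xml_text)
    if root.tag != "rule_test":
        return ["root element is not <rule_test>"]
    # Options that are absent fall back to their defaults, so only present ones are checked.
    opt = {child.tag: (child.text or "").strip() for child in root}
    problems = []
    if "enabled" in opt and opt["enabled"] not in ("yes", "no"):
        problems.append("enabled: must be yes or no")
    if "threads" in opt and opt["threads"] != "auto" and not in_range(opt["threads"], 1, 128):
        problems.append("threads: must be 1-128 or auto")
    if "max_sessions" in opt and not in_range(opt["max_sessions"], 1, 500):
        problems.append("max_sessions: must be 1-500")
    if "session_timeout" in opt:
        secs = timeout_seconds(opt["session_timeout"])
        if secs is None or secs > MAX_TIMEOUT_S:
            problems.append("session_timeout: bad format or above 365 days")
    return problems

if __name__ == "__main__":
    for name, block in (("default", DEFAULT_BLOCK), ("constructed bad", BAD_BLOCK)):
        print(name, "->", check_rule_test(block) or "OK")
```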