-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix permission error in JSON alert #14019
Conversation
c45c273
to
950a5c8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
73eb056
to
c837fd5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
c837fd5
to
850faee
Compare
The base branch was changed.
Test: AR IT - Tier 0 - windows_agent is failing with the following error:
This is a dependency error in the test itself that is not related to this pull request. It is already addressed at wazuh/wazuh-qa#2769, so please ignore it. |
c8540aa
850faee
to
c8540aa
Compare
3686375
c8540aa
to
3686375
Compare
QA review
|
Hello @chemamartinez and team: |
Description
When
FIM
is run on Windows logs with a malformed permission, theanalysisd
module generates a log message and discards this permission. This PR is to add changes to this behavior, right now the moduleanalysisd
reads permissions and discard only malformed permissions.Logs/Alerts example
Syscheck stress test result,
Tests