From 3aa96646ee135168ee42644411130839f1710d85 Mon Sep 17 00:00:00 2001
From: Matevz Erzen <matevz.erzen@xlab.si>
Date: Tue, 15 Feb 2022 13:22:58 +0100
Subject: [PATCH] Corrected elasticsearch rule.description query

---
 wazuh_evidence_collector/checker.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wazuh_evidence_collector/checker.py b/wazuh_evidence_collector/checker.py
index f6034cf..3877e4d 100644
--- a/wazuh_evidence_collector/checker.py
+++ b/wazuh_evidence_collector/checker.py
@@ -90,7 +90,7 @@ class Checker:
     def check_clamd_logs_elastic(self, agent):
         s = Search(using=self.es, index="wazuh-alerts-*") \
             .query("match", predecoder__program_name="clamd") \
-            .query("match", rule__descrhosttion="Clamd restarted") \
+            .query("match", rule__description="Clamd restarted") \
             .query("match", agent__id=agent[0])
         
         body = s.execute().to_dict()
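Review bot: The corrected `rule__description` clause is still a `match` query, which on an analyzed text field matches documents containing either `clamd` or `restarted` rather than the exact phrase, so unrelated clamd alerts could be counted as restart evidence (this assumes `rule.description` is mapped as text in the `wazuh-alerts-*` template, which is not visible here). Consider `.query("match_phrase", rule__description="Clamd restarted")`, or filter on the rule's ID instead of its free-text description. The original typo probably went unnoticed because a match on a non-existent field returns zero hits rather than an error, so a test asserting at least one hit against a known fixture alert would catch this class of mistake. The visible query also has no time-range filter; if the rest of `check_clamd_logs_elastic`, which continues outside the hunk, does not bound it, an old alert would satisfy the check indefinitely.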
-- 
GitLab