From 3aa96646ee135168ee42644411130839f1710d85 Mon Sep 17 00:00:00 2001
From: Matevz Erzen <matevz.erzen@xlab.si>
Date: Tue, 15 Feb 2022 13:22:58 +0100
Subject: [PATCH] Corrected elasticsearch rule.description query

---
 wazuh_evidence_collector/checker.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wazuh_evidence_collector/checker.py b/wazuh_evidence_collector/checker.py
index f6034cf..3877e4d 100644
--- a/wazuh_evidence_collector/checker.py
+++ b/wazuh_evidence_collector/checker.py
@@ -90,7 +90,7 @@ class Checker:
 def check_clamd_logs_elastic(self, agent):
 s = Search(using=self.es, index="wazuh-alerts-*") \
 .query("match", predecoder__program_name="clamd") \
- .query("match", rule__descrhosttion="Clamd restarted") \
+ .query("match", rule__description="Clamd restarted") \
 .query("match", agent__id=agent[0])
 body = s.execute().to_dict()
-- 
GitLab
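Review bot: The corrected field name still goes through a `match` query, which on an analyzed text field tokenizes "Clamd restarted" into two terms combined with OR, so any alert whose rule.description contains either "clamd" or "restarted" would satisfy the clause and be counted as a restart. If `rule.description` is mapped as text with a `.keyword` sub-field, as in the default Wazuh alerts template (to be confirmed against the deployed mapping), the evidence check should pin the exact description with `.query("match_phrase", rule__description="Clamd restarted")` or `.query("term", rule__description__keyword="Clamd restarted")`. The single-token `predecoder__program_name="clamd"` clause is not affected, but `agent__id=agent[0]` is evaluated with no visible check that `agent` is non-empty. `check_clamd_logs_elastic` continues past the end of the hunk, so how `body` is interpreted cannot be reviewed here.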