You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I see, in the screenshot you posted, that you have sample data added. The highlighted agents are called Windows and Debian, these could be 2 agents from the sample data.
The table in the report shows the information about the top agents with medium vulnerabilities of real agents that your environment has. This means that getting the top agent IDs with more alerts under the mentioned condition, then these agent IDs are used to get the agent data of the Wazuh API. If your environment has not an agent with ID of the top, this won't appear in the table of the report.
For another hand, the agent name in the report table is IE11Win10, neither Debian nor Windows as displayed in the dashboard, and it could appear in the table because the real agent ID is the same as Debian or Windows fake agents (that generated the alerts).
Description
When using a Lucene search query containing a logical operator, the real result is not reflected in the report
Steps to reproduce
agent.name:(*w*) OR agent.name:(*D*)
as shown below:The text was updated successfully, but these errors were encountered: