u/GunnarBjornson

▲ 2 r/Wazuh

Wazuh: CVEs Wrongly Associated with Newer Patched Versions (per device)

Hi All,

New to Wazuh and device management generally. Trying to manage a very small fleet of BYOD devices, by issuing guidance at this point.

My issue: I understand that if something like Steam flags a CVE vuln, and it turns out that the version on the device is much newer, the vuln can be ignored. I've also seen people suggest here in other threads that I can then silence that CVE.

I don't really want to silence it as it might be relevant for future devices with very old versions lying dormant.

How is everyone dealing with these device-specific acknowledgements?

u/GunnarBjornson — 5 days ago
▲ 5 r/Wazuh

Wazuh in Support of UK Cyber Essentials

Hi Guys, does anyone have any experience using Wazuh in support of meeting UK Cyber Essentials, with remote BYOD?

We are a small organisation looking to try and get certified, and we can't really justify the 5k plus for Tenable Nessus. As well as that, we like the idea of open source where we can.

My problem, having started the research, is that it isn't clear to me that with Wazuh we are guaranteed to find the same vulnerabilities as our auditor using Nessus (or any other approved tool for that matter). In fact it seems to me that if we went with Qualys or anyone else that would also be true.

Recently I had my device scanned with Nessus and it came back clean; I ran a scan with Wazuh (running locally for testing) and it rightly flagged a Python package (black) as a high vulnerability. My point there, I suppose, is that this could happen in reverse: Nessus finds something that Wazuh missed, at which point I'd fail the audit.

Any pointers or advice greatly appreciated.

u/GunnarBjornson — 13 days ago