Wazuh Vulnerability Detection – Huge Number of Alerts, Need Some Guidance
Hey folks,
I could use a bit of help wrapping my head around the Vulnerability Detection module in Wazuh.
We just ran a scan across 30 servers and the results are… intense:
- ~70 Critical
- ~10,000 High
- ~50,000 Medium vulnerabilities
Sum: ~60k
I’m honestly not sure how to handle this kind of volume. A lot of the findings seem to be related to the kernel, and I’m not even sure how (or if) I should be fixing those.
We already upgraded all servers to the newest version and there are still ~55k.
So I’m wondering:
- How do you typically work with this module at scale?
- Are there best practices for tuning the config to reduce noise or common false positives?
- Any tips on triaging or prioritizing the output so it’s more manageable?
Would really appreciate hearing how others are approaching this. Thanks in advance!
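One way to make a number like 60k tractable is to stop counting alerts and start counting remediation units, since Wazuh emits one alert per host per CVE per scan, so a single unpatched package across 30 servers shows up as many separate lines. The script below is an added example, not from the original poster or from the Wazuh project: it reads `alerts.json`-style lines, drops entries already marked solved, and collapses the rest into (package, CVE) groups ranked by severity and host count, then into a per-package patch list. The field layout (`data.vulnerability.cve`, `data.vulnerability.severity`, `data.vulnerability.status`, `data.vulnerability.package.name`, `agent.name`) and the sample alerts, including the placeholder CVE ids, are constructed assumptions; check them against your own alerts file before relying on the output.

```python
import json

# Assumed Wazuh severity labels, ranked for sorting (unknown labels sort last).
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}


def _alert(host, cve, sev, status, pkg, ver):
    """Build one constructed alerts.json line in the assumed Wazuh 4.x layout."""
    return json.dumps({"agent": {"name": host},
                       "data": {"vulnerability": {"cve": cve, "severity": sev, "status": status,
                                                  "package": {"name": pkg, "version": ver}}}})


# Constructed sample: 3 hosts, a duplicate from a rescan, one already-solved entry,
# one non-vulnerability alert and one truncated line. CVE ids are placeholders.
SAMPLE_ALERT_LINES = [
    _alert("web-01", "CVE-0000-0001", "Critical", "Active", "openssl", "1.0"),
    _alert("web-02", "CVE-0000-0001", "Critical", "Active", "openssl", "1.0"),
    _alert("db-01", "CVE-0000-0001", "Critical", "Active", "openssl", "1.0"),
    _alert("web-01", "CVE-0000-0002", "High", "Active", "linux-image", "5.x"),
    _alert("web-02", "CVE-0000-0002", "High", "Active", "linux-image", "5.x"),
    _alert("web-01", "CVE-0000-0003", "Medium", "Active", "linux-image", "5.x"),
    _alert("db-01", "CVE-0000-0004", "High", "Solved", "curl", "7.0"),
    _alert("web-01", "CVE-0000-0002", "High", "Active", "linux-image", "5.x"),  # rescan duplicate
    json.dumps({"agent": {"name": "web-01"}, "data": {"srcip": "10.0.0.5"}}),  # not a vuln alert
    '{"agent": {"name": "db-01"}, "data": ',  # truncated tail of a live file
]


def parse_alerts(lines):
    """Parse alerts.json lines; keep only vulnerability alerts that are still Active."""
    alerts = []
    for line in lines:
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial line; skip rather than abort the whole run
        vuln = obj.get("data", {}).get("vulnerability")
        if not vuln:
            continue  # syscheck, auth, etc. are not part of this triage
        if vuln.get("status", "Active") != "Active":
            continue  # 'Solved' entries report things that were already fixed
        pkg = vuln.get("package", {})
        alerts.append({
            "host": obj.get("agent", {}).get("name", "?"),
            "cve": vuln.get("cve", "?"),
            "severity": vuln.get("severity", "Untriaged"),
            "package": pkg.get("name", "?"),
            "version": pkg.get("version", "?"),
        })
    return alerts


def remediation_units(alerts):
    """Collapse per-host, per-scan alerts into (package, CVE) units with the affected host set."""
    units = {}
    for a in alerts:
        key = (a["package"], a["cve"])
        u = units.setdefault(key, {"severity": a["severity"], "hosts": set()})
        u["hosts"].add(a["host"])
        if SEVERITY_RANK.get(a["severity"], 0) > SEVERITY_RANK.get(u["severity"], 0):
            u["severity"] = a["severity"]
    return units


def prioritize(units):
    """Rank units: worst severity first, then most hosts affected, then stable name order."""
    rows = [(pkg, cve, u["severity"], len(u["hosts"])) for (pkg, cve), u in units.items()]
    rows.sort(key=lambda r: (-SEVERITY_RANK.get(r[2], 0), -r[3], r[0], r[1]))
    return rows


def packages_to_patch(units):
    """One row per package: updating it closes every CVE in the group on every listed host."""
    by_pkg = {}
    for (pkg, cve), u in units.items():
        p = by_pkg.setdefault(pkg, {"cves": set(), "hosts": set(), "worst": u["severity"]})
        p["cves"].add(cve)
        p["hosts"] |= u["hosts"]
        if SEVERITY_RANK.get(u["severity"], 0) > SEVERITY_RANK.get(p["worst"], 0):
            p["worst"] = u["severity"]
    return by_pkg


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERT_LINES)
    units = remediation_units(alerts)
    print(f"{len(SAMPLE_ALERT_LINES)} lines -> {len(alerts)} active alerts -> {len(units)} (package, CVE) units")
    for pkg, cve, sev, n in prioritize(units):
        print(f"{sev:<9} {n:>3} host(s)  {pkg:<12} {cve}")
    for pkg, p in packages_to_patch(units).items():
        print(f"patch {pkg}: closes {len(p['cves'])} CVE(s) on {len(p['hosts'])} host(s), worst {p['worst']}")
```

On the real file you would replace `SAMPLE_ALERT_LINES` with the lines of `alerts.json` (or a query export) and read the package list rather than the alert list: a kernel package with hundreds of CVEs is one reboot-and-update job, and knowing the worst severity and host count per package is what decides the order, not the raw alert total.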