configuring-host-based-intrusion-detection
Warn
Audited by Snyk on Mar 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The install commands in Step 1 fetch and install remote packages at runtime (e.g., https://packages.wazuh.com/4.x/windows/wazuh-agent-4.9.0-1.msi, the APT repo at https://packages.wazuh.com/4.x/apt/, and the GPG key https://packages.wazuh.com/key/GPG-KEY-WAZUH) to provide the agent code that will be executed on hosts, so these URLs are runtime external dependencies that deliver and execute remote code.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains explicit, privileged system-modifying instructions (adding APT sources and GPG keys, writing to /etc and /var/ossec, running apt-get/msiexec, enabling systemd services, and configuring active-response actions that block IPs or disable accounts), which require administrative access and change the machine's state.