I am currently looking into Wazuh and have an instance deployed. I am just monitoring my DMZ: public-facing applications located in one VLAN and only reachable from the internet through a reverse proxy in another VLAN. Cross-zone traffic is handled by a firewall. The only way to the public-facing servers is through a firewall with a locked-down set of rules.
Wazuh performing a Vuln check tells me that packages are running on this Ubuntu 22.04 server with a High severity.
For example, CVE-2023-39810 is impacting my server as it is related to the ‘busybox-static’ package. All packages are updated and there is no way to update any of the packages causing a High Severity alert.
The question is: how seriously should these alerts be treated? There is no updated version of the packages in the repo and I don’t think there is an operational concern at this time.