Update VD POC

source/proof-of-concept-guide/poc-vulnerability-detection.rst

@@ -18,9 +18,7 @@ Infrastructure
 +---------------+--------------------------------------------------------------------------------------------------------------------------------------------+
 | Endpoint      | Description                                                                                                                                |
 +===============+============================================================================================================================================+
-| Ubuntu 22.04  | The vulnerability detection module checks for vulnerabilities in the operating system and installed applications in this Linux endpoint.   |
-+---------------+--------------------------------------------------------------------------------------------------------------------------------------------+
-| Windows 11    | The vulnerability detection module checks for vulnerabilities in the operating system and installed applications in this Windows endpoint. |
+| Debian 12     | The vulnerability detection module checks for vulnerabilities in the operating system and installed applications in this Linux endpoint.   |
 +---------------+--------------------------------------------------------------------------------------------------------------------------------------------+
 
 Configuration
@@ -51,12 +49,42 @@ The Vulnerability Detection module is enabled by default. You can perform the fo
 
       $ sudo systemctl restart wazuh-manager
 
+
+Test the configuration
+----------------------
+
+.. note::
+
+   The time it takes to detect vulnerabilities depends on the :ref:`interval <syscollector_interval>` value for Syscollector configured in the ``ossec.conf`` file. To reduce the waiting times in this test, check :doc:`System inventory capability configuration </user-manual/capabilities/system-inventory/configuration>`.
+
+#. Install a vulnerable version of Vim such as  ``2:9.0.1378-2`` or earlier in the Debian endpoint. Wait for syscollector to run a new scan.
+
+#. Remove the Vim package to fix the vulnerability. Wait for syscollector to run a new scan.
+
 Visualize the alerts
 --------------------
 
-You can visualize the alert data in the Wazuh dashboard. To do this, go to the Vulnerability Detection module, select Events, and click on any vulnerability to expand the document.
+You can visualize the detected vulnerabilities in the Wazuh dashboard. To see a list of active vulnerabilities, go to **Vulnerability Detection** and select **Inventory**. Add a filter in the search bar to query all active vulnerabilities for the Vim package.
+
+-  ``package.name:vim``
+
+   .. thumbnail:: /images/poc/vulnerabilities-inventory.png
+      :title: All active vulnerabilities on Debian. Vulnerable vim package example
+      :align: center
+      :width: 80%
+
+To see vulnerability alerts for the last system inventory scan, switch to **Events**. Add filters in the search bar to query vulnerability alerts for Vim.
+
+-  Active vulnerability alerts – ``data.vulnerability.package.name: vim AND data.vulnerability.status:Active``
+
+   .. thumbnail:: /images/poc/vulnerabilities-events-new-vuln.png
+      :title: Detected vulnerabilities on Debian. Vulnerable vim package example
+      :align: center
+      :width: 80%
+
+-  Solved vulnerability alerts – ``data.vulnerability.package.name: vim AND data.vulnerability.status:Solved``
 
-.. thumbnail:: /images/poc/vulnerabilities-ubuntu-alerts.png
-   :title: Detected vulnerabilities on Ubuntu alerts
-   :align: center
-   :width: 80%
+   .. thumbnail:: /images/poc/vulnerabilities-events-solve-vuln.png
+      :title: Solved vulnerabilities on Debian. Vulnerable vim package example
+      :align: center
+      :width: 80%

source/user-manual/reference/ossec-conf/wodle-syscollector.rst

@@ -69,6 +69,8 @@ Disable the Syscollector wodle.
 | **Allowed values** | yes, no                     |
 +--------------------+-----------------------------+
 
+.. _syscollector_interval:
+
 interval
 ^^^^^^^^