Hey, ya I am sure that could eventually become an issue, however, I assume these list can grow rather large because I have not ran into that issue yet. I also recommend taking advantage of Cortex and TheHive to gather IP, domain, etc. intelligence as well. This would offload gathering further intelligence from the Wazuh Manager and put that load onto another system. Check out TheHive and Cortex demos here: TheHive: kzbin.info/www/bejne/jKKspoNmdrR2eMk&ab_channel=OpenSecure Cortex: kzbin.info/www/bejne/p6uZqad_g9x-aas&ab_channel=OpenSecure Hope that helps and let me know if you have any other questions!

Thanks for watching!