Blog / Engineering / Detecting XZ Utils vulnerability (CVE-2024-3094) with Wazuh
XZ Utils is a widely utilized suite of command-line tools for lossless data compression on virtually all Unix-like operating systems, including Linux. Among its prominent components are xz and lzma,...
Detecting keyloggers (T1056.001) on Linux endpoints
Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials...
Integrating Cisco Secure Endpoint with Wazuh
In this blog post, we combine the capabilities of Cisco Secure Endpoint with the versatility of Wazuh, a unified XDR and SIEM platform. Cisco Secure Endpoint offers cloud-delivered endpoint detection...
Integrating Wazuh with Shuffle
This blog post shows how to integrate Wazuh with Shuffle with the out-of-the-box integration introduced in Wazuh 4.4.
Auditing Kubernetes with Wazuh
It is essential to log and audit Kubernetes cluster events. Check our new blog post to learn how to audit Kubernetes events with Wazuh.
Detecting illegitimate crypto miners on Linux endpoints
Crypto miners are programs that utilize computer resources to mine cryptocurrency. Mining is the process that several cryptocurrencies use to generate new coins and verify new transactions. Crypto miners usually...
Detecting Follina (CVE-2022-30190) attack with Wazuh
A remote code execution vulnerability affecting Microsoft Windows Support Diagnostic Tool (MSDT) was observed to be exploited as early as May 2022. The vulnerability is dubbed Follina and has the...
Monitoring Windows task scheduler to detect attack persistence
The Windows task scheduler is a tool in the Windows operating system that launches programs and executes predefined scripts at scheduled times or after specified time intervals. While Windows Task...
Detecting Spring4Shell (CVE-2022-22965) with Wazuh
A remote code execution (RCE) vulnerability that affects the Spring Java framework has been discovered. The vulnerability is dubbed Spring4Shell or SpringShell by the security community. It has the designation...
Using Wazuh and TheHive for threat protection and incident response
Wazuh is a unified SIEM and XDR platform that you can use to protect your infrastructure. A SIEM is essential to security operations, and in many instances, Security Operations Centers...
Detecting PwnKit (CVE-2021-4034) with Wazuh
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. In contrast to...
Analyzing ModSecurity events with Wazuh
In this blog post, we explain how to analyze ModSecurity events with Wazuh. Wazuh is a unified XDR and SIEM solution. It can be used to collect, analyze and correlate...