SIEM Monitoring using Wazuh by Francis Jeremiah

This lab was created to simulate an API Attack and capture the reflecting impacts on the server or machine that it is being targeted on.

Meet us at BSides San Francisco 2022

Blog / News / Meet us at BSides San Francisco 2022

We are happy to announce that we will be sponsoring BSides San Francisco 2022, a two days event taking place on June 4th-5th this year. This is the third time...

Monitoring Docker container logs with Wazuh

Blog / Engineering / Monitoring Docker container logs with Wazuh

Introduction By default, Docker container logs only show stdout and stderr standard streams, which are cleared when the container is destroyed. However, when non-interactive processes, like a database or web...

Detecting Sysjoker backdoor malware with Wazuh

Blog / Engineering / Detecting Sysjoker backdoor malware with Wazuh

Sysjoker is a backdoor malware that was first discovered in December 2021 by Intezer. It is sophisticated and written from scratch in C++. Sysjoker is a cross-platform malware that has...

Monitoring commonly abused Windows utilities

Blog / Engineering / Monitoring commonly abused Windows utilities

It is commonly known that malware abuses native Windows utilities to achieve the attacker’s nefarious goals. For example, a native utility like Vssadmin can be abused by ransomware to inhibit...

Using Wazuh to detect BPFDoor malware

Blog / Engineering / Using Wazuh to detect BPFDoor malware

BPFDoor is backdoor malware associated with the Chinese APT – Red Menshen. It is a highly evasive malware that targets Linux and Solaris-based systems. It is said to have been...

Integrating Wazuh with Shuffle

Blog / Engineering / Integrating Wazuh with Shuffle

The Wazuh unified XDR and SIEM platform now has out-of-the-box integration with Shuffle SOAR. Shuffle is a general-purpose security automation platform. The Shuffle integration introduced in Wazuh version 4.4 extends...

Introducing Wazuh 4.7.0

Blog / Releases / Introducing Wazuh 4.7.0

We are thrilled to announce the release of Wazuh 4.7.0. This release introduces a native Maltiverse integration and improvements to the Syscollector and Vulnerability Detector modules, among other updates. Below,...

Detecting CUPS remote code execution vulnerability with Wazuh

Blog / Engineering / Detecting CUPS remote code execution vulnerability with Wazuh

CUPS (Common Unix Printing System) is a widely used printing system for Unix-like operating systems. It allows users to share printers over a network and provides a web-based interface for...

Install Wazuh on Ubuntu Endpoint

Today I am going to share with you how to install Wazuh on an Ubuntu endpoint to detect brute-force attacks…

Using Wazuh To Detect SSH Brute-Force Attack

Brute-force is a method involves trying every possible password or key until the correct one is discovered, without using any knowledge about the structure or characteristics of the…

Enhancing Network Security: Integrating Suricata with Wazuh

oday I am going to write about how you can Enhance your network security by Integrating Suricata as the (IDS) Intrusion Detection System with Wazuh for threat…