Blog / Engineering / Detecting Windows Screensaver persistence attack with Wazuh
A screensaver is an operating system feature that displays a message or graphic animation after a certain amount of idle time has elapsed. Threat actors are known to abuse the screensaver feature on Windows systems as a means of persistence. This is possible because Windows screensavers are executable files with the .scr extension. […]
Blog / Engineering / Responding to network attacks with Suricata and Wazuh XDR
This blog post focuses on protecting an endpoint from network attacks using Suricata and the Wazuh active response module.
Blog / Engineering / Monitoring remote OpenVPN connections with GeoIP and Wazuh XDR
The global pandemic in 2020 gave rise to more companies adopting remote working tools, services, and collaboration solutions. But organizations that utilize remote work services expose themselves to a wider range of potential threats from malicious actors. Remote users can use OpenVPN to safely connect to a private network and all its resources, including files, […]
Blog / Releases / Introducing Wazuh 4.6.0
We are excited to announce the release of Wazuh 4.6.0, with new and enhanced capabilities, new use cases, and improved documentation. This marks a significant achievement for our project and greatly benefits our open source community. New features in Wazuh 4.6.0: Wazuh boasts a range of SIEM (Security Information and Event Management) and XDR (Extended […]
Blog / Engineering / Monitoring network devices with Wazuh
A network device is a hardware or software component that facilitates the transfer of data and information between nodes within a network. Common types of network devices include routers, switches, hubs, modems, access points, and firewalls. Without adequate safeguards, network devices become vulnerable entry points for malicious actors to gain unauthorized access to systems, orchestrate […]
Blog / Engineering / Detecting Living Off the Land attacks with Wazuh
Living Off the Land (LOTL) is an attack technique in which attackers leverage existing, legitimate tools and features within an environment to conduct malicious activities. This approach allows attackers to blend in with normal system activity, making detection by conventional security measures more challenging. The solution to LOTL attacks is to use a […]
Blog / Engineering / Detecting compromised accounts with HIBP and Wazuh
Data breaches and leaked credentials have become a recurring threat in the cybersecurity landscape, exposing sensitive information such as usernames, passwords, and email addresses. When attackers gain access to this data, they can exploit it for unauthorized access, phishing attacks, or identity theft. The risk to businesses and individuals is significant, whether leaked credentials from […]
Blog / Engineering / Wazuh for CMMC compliance
Cybersecurity frameworks are structured standards, guidelines, and best practices for managing and reducing cybersecurity risks. Some examples include NIST, HIPAA Security Rule, PCI DSS, and CMMC. These frameworks provide a foundational blueprint for securing sensitive data and strengthening cyber resilience, especially in regulated industries. Wazuh, an open source Security Information and Event Management (SIEM) and […]