Blog / Engineering / Searching for alerts using the Wazuh app for Kibana
...capabilities, thanks to the integration with the Elastic Stack. These examples use Kibana v7.1.0 and our latest release, Wazuh v3.9.1. Interacting with the visualizations The visualizations are located in many...
Use cases / Threat Hunting
...proactive in identifying and eliminating emerging threats and defend their business processes effectively. Comprehensive visibility Wazuh provides complete visibility by logging various components of your IT infrastructure including OS, applications,...
Use cases / Regulatory Compliance
...help monitor compliance status, identify improvement areas, and take appropriate remediation actions. See our SCA documentation for more information. Streamline compliance activities Use Wazuh XDR and SIEM capabilities to streamline compliance activities....
Blog / Engineering / Detecting PureHVNC malware with Wazuh
...
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\money.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\update.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\upload.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\time.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\kam.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\moment.py'
  - 'not f:C:\Users\<USERNAME>\Downloads\Python\Python312\info.py'
- id: 77002
  title: "Checking for Possible PureHVNC malware...
The Wazuh Partner Program Terms (PPT) provide a comprehensive framework for Partners to engage and collaborate with Wazuh. These terms outline the rights, obligations, and benefits of being a Wazuh...
Blog / Engineering / Monitor Office 365 with Wazuh
...request a token from the Microsoft identity platform for accessing the https://manage.office.com resource:
# Obtain a token for accessing the Office 365 management activity API
def obtain_access_token(tenantId, clientId, clientSecret):
    #...
Blog / Engineering / Hunting for suspicious Windows LNK files with Wazuh XDR
...110001 on the Windows endpoint.
<ossec_config>
  <command>
    <name>lnkparser</name>
    <executable>lnkparser.bat</executable>
    <timeout_allowed>no</timeout_allowed>
  </command>
  <active-response>
    <command>lnkparser</command>
    <location>local</location>
    <rules_id>110000,110001</rules_id>
  </active-response>
</ossec_config>
3. Append the following decoder to the /var/ossec/etc/decoders/local_decoder.xml file to extract the fields...
Blog / Engineering / Empowering threat visibility with Wazuh and Maltiverse
...IPv4 test Figure 4: IPv4 test details Hostname test SSH communications, which involve hostnames, DNS queries, and other forms of communication, can feature various hostnames. To obtain comprehensive information about...
...the Wazuh Service Level Agreement (SLA), which outlines our commitment to service performance of Professional Support and Maintenance Services. Designed to be used as a master agreement between you and...
Use cases / Log Data Analysis
...overview Gain complete visibility across your IT infrastructure with Wazuh. Wazuh provides complete visibility of an entire IT infrastructure by performing real-time analysis of logs from network devices, endpoints, and...
Use cases / Malware Detection
Malware detection comprises strategies and tools to detect malware threats. The Wazuh SIEM and XDR platform uses several advanced malware detection techniques for a wide range of malware, including ransomware,...
...Service Level Agreement (SLA), which outlines our commitment regarding service performance of our Cloud Services. This agreement creates the grounds for a strong and long-term working relationship, enabling multiple transactions...