Enhancing incident response with Wazuh and DFIR-IRIS integration
DFIR-IRIS is an open source platform for case management and incident response, enabling incident responders to document, track, and analyze security incidents. It supports remote investigations by allowing responders to...
Detecting AsyncRAT with Wazuh
AsyncRAT is an open source remote access tool that is commonly used by threat actors for file exfiltration and remote desktop control. Threat actors use script injectors and phishing attachments...
Detecting keyloggers (T1056.001) on Linux endpoints
Keyloggers are spyware that monitor and record user keystrokes on endpoints. Some variants relay the recorded data to an external party or attacker, enabling threat actors to exfiltrate user credentials...
How to detect MeshAgent with Wazuh
This blog post describes how to detect MeshAgent activities using Wazuh. MeshAgent is not inherently malicious but can be abused.