Wazuh integration with Amazon Security Lake as a custom source

Amazon Security Lake is a fully managed service that helps organizations aggregate, store, and analyze security data from various sources, such as AWS services, on-premise logs, and third-party SaaS applications. Security administrators can use AWS services like Athena to query the security data, which gives them insight into potential threats and vulnerabilities across an organization’s […]

Deploying Wazuh agents using ManageEngine

Wazuh is an open source security platform that offers Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) capabilities to organizations. It provides security to IT infrastructure through real-time monitoring, threat detection, log analysis, vulnerability detection, and automated incident response. By collecting and analyzing security data from endpoints, Wazuh enables organizations to […]

Exploring security alerting options for improved threat detection in Wazuh – Part 1

Security alerting enables organizations to promptly detect potential security incidents, allowing for rapid response and risk mitigation. Organizations can immediately prevent breaches, comply with regulatory requirements, and optimize operational efficiency by receiving timely alerts. Automated security alerting streamlines incident response processes, minimizing downtime and optimizing resource usage while demonstrating a commitment to proactive security measures. […]

Monitoring Windows resources with Performance Counters

Windows Performance Counters provide an in-depth and consistent interface for collecting different types of system data such as processor, memory, and disk usage statistics. Performance counters can be used to monitor system resources and performance. Windows performance counter data can be viewed in real time with the perfmon utility or, alternatively, through the PowerShell cmdlet […]

Enhancing incident response with Wazuh and DFIR-IRIS integration

DFIR-IRIS is an open source platform for case management and incident response, enabling incident responders to document, track, and analyze security incidents. It supports remote investigations by allowing responders to access and share technical details about incidents, fostering collaboration and coordinated responses to threats. Integrating DFIR-IRIS with the Wazuh XDR and SIEM platform provides a […]

Streamlining container image security with Grype and Wazuh

Grype is a lightweight, open source tool for scanning container images and filesystems for vulnerabilities. It examines container image layers and dependencies to identify known vulnerabilities in the software packages installed within the image. By inspecting each layer and its contents, Grype helps you proactively uncover potential security risks before deploying the container image into […]

Monitoring MongoDB database using Wazuh

MongoDB is a non-relational database system known for its flexibility, scalability, and performance. Unlike relational databases that use tables with predefined structures, MongoDB stores data in key-value pairs. MongoDB has features that include high performance, a query API, horizontal scalability, and high availability. It is supported on Linux, Windows, and macOS operating systems. Wazuh is […]

Hunting for Linux credential access attacks with Wazuh

Credential access attacks are cyber attacks that aim to obtain users’ login credentials. These credentials can include usernames, passwords, security tokens, or other authentication information. Such attacks remain one of the critical security threats for organizations: they enable adversaries to gain unauthorized access to systems, facilitating lateral movement and privilege escalation within the targeted environment. This […]

Wazuh multi-site implementation

Wazuh multi-site implementation offers a solution that helps organizations unify their security monitoring capabilities across multiple geographically dispersed locations or sites. This implementation focuses on having Wazuh cluster components that collect, process, and store logs from the Wazuh agents within each site. A single Wazuh dashboard displays security alerts generated from events occurring in monitored […]

Load balancing a Wazuh server cluster using NGINX

In this blog post, we demonstrate how to configure an NGINX network load balancer using the hash algorithm.

CHAVECLOAK malware detection and response with Wazuh

CHAVECLOAK malware is a Windows-based banking trojan that targets South American financial sector individuals to steal sensitive financial information. The malware is distributed through phishing emails with embedded malicious PDF attachments. CHAVECLOAK blocks user device screens, logs keystrokes, and shows fake pop-up windows. The malware monitors the victim’s endpoint and becomes active when it detects […]

Detecting exploitation of XZ Utils vulnerability (CVE-2024-3094) with Wazuh

In March 2024, a backdoor was detected within XZ Utils, earning the designation CVE-2024-3094. The vulnerability has a CVSS score of 10, indicating its potential for critical impact if exploited. The vulnerability affects XZ versions 5.6.0 and 5.6.1 and presents a serious threat to endpoints that run Unix-like operating systems. Previously, we detailed how to […]
