In this article, I will discuss the different methods that can be used to monitor network devices and cover some basics of Wazuh HIDS agentless configuration.
Windows Event Channel monitoring in OSSEC is the modern version of Event Log, and unlike Event Log, Event Channel allows you to make queries in order to filter events.
In some environments the hardest part of the deployment process is the installation of OSSEC on Windows endpoints. Wazuh has created a tool to install, register and connect Windows agents.
In this article we will be learning how to configure OSSEC, using the report_changes option, in order to get the exact content changes from a file that has been previously modified.
OSSEC is used for file integrity monitoring by thousands of companies. In this tutorial I will show you how to set up Windows group policies, create custom decoders for security events, [...]
The ruleset is one of the most important parts of OSSEC. Thanks to the ruleset, OSSEC is able to detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, [...]
The goal of this article is to explain how to set up a basic configuration of FIM (File Integrity Monitoring) using the syscheck component in OSSEC. After that, we will to [...]
OSSEC can be used to monitor whether the SSH configuration file allows root user access. In this particular case, we show how to use OSSEC to check that this file [...]