Blog / Engineering / Exploring security alerting options for improved threat detection in Wazuh – Part 2
...Al", "last_name": "Noman", "username": "x0k3r", "language_code": "en" }, "chat": { "id": <chat_id>, "first_name": "Abdullah Al", "last_name": "Noman", "username": "<username>", "type": "private" }, "date": 1722324221, "text": "/start", "entities": [ { "offset":...
Blog / Engineering / Empowering threat visibility with Wazuh and Maltiverse
...alert: # echo "timestamp=Oct 18 15:25:12 identifier=abdullahgtrlab action=dns_query details=Querying DNS for hostname: dobreusluge.zauvijek.itsforever.net" >> /var/log/maltiverse-test.log Result Navigate to the Security events on your Wazuh dashboard to see the alert generated...
Blog / Engineering / Monitoring USB drives in Windows using Wazuh
...real-time. It also shows how to configure the Wazuh CDB list to filter authorized and unauthorized USB drives. By monitoring USB drives, you can protect organizational data from theft, and...
Blog / Engineering / Monitoring VMware ESXi with Wazuh
...gcc autoconf libtool libssl-dev pkg-config jq # curl -LO https://github.com/VirusTotal/yara/archive/v4.3.1.tar.gz # tar -xvzf v4.3.1.tar.gz -C /usr/local/bin/ && rm -f v4.3.1.tar.gz # cd /usr/local/bin/yara-4.3.1/ # ./bootstrap.sh && ./configure && make &&...
Blog / Engineering / Enhancing IT security with anomaly detection in Wazuh
...types of detector jobs – Real-time detection and Historical analysis detection. Real-time detection allows you to find anomalies in Wazuh data in near real-time, whereas historical analysis detection allows you...
Blog / Engineering / Monitoring USB drives in macOS using Wazuh
...access and transfer data. However, it’s essential to be cautious about security. USB drives can carry malware, posing a risk to your macOS systems. Organizations should proactively implement real-time tracking...
Blog / Engineering / Filtering security data with the Wazuh Query Language
...<interval>5m</interval> <min_full_scan_interval>6h</min_full_scan_interval> <run_on_start>yes</run_on_start> <!-- Ubuntu OS vulnerabilities --> <provider name="canonical"> <enabled>yes</enabled> <os>trusty</os> <os>xenial</os> <os>bionic</os> <os>focal</os> <os>jammy</os> <update_interval>1h</update_interval> </provider> </vulnerability-detector> 2. Restart the Wazuh manager for the changes to take effect:...
Blog / Engineering / Exploring security alerting options for improved threat detection in Wazuh – Part 1
Security alerting enables organizations to promptly detect potential security incidents, allowing for rapid response and risk mitigation. Organizations can immediately prevent breaches, comply with regulatory requirements, and optimize operational efficiency...