Blog / Engineering / Load balancing a Wazuh server cluster using NGINX
...--group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module=dynamic --with-stream_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit...
Blog / Releases / Wazuh v3.12.0 released
...support versions greater than 1.4 (by @iasdeoupxe). Added rules and decoders for Junos. Fixed GPG requirement in Windows rules. Improved Cisco decoders and fixed Owlh rule’s IDs conflict. Fixed checkpoint decoders...
Blog / Releases / Wazuh 4.0 released
...any questions about Wazuh 4.0, don’t hesitate to check out our documentation to learn more about Wazuh. You can also join our Slack and our mailing list where our team and other users will help you....
Blog / News / Human Managed and Wazuh sign a partnership agreement
San Jose, California, August 2022. We are pleased to announce that Wazuh has signed a partnership agreement with Human Managed, a data company that delivers intelligence on-demand for digital, cyber,...
Blog / News / Security Validation and Wazuh sign a partnership agreement
San Jose, California, May 2023. We are glad to announce that Security Validation has signed a partnership agreement with Wazuh. Security Validation is a Global Leader providing unparalleled managed security...
Blog / Engineering / Detecting SharpHound Active Directory activities with Wazuh
...name="win.eventdata.targetFilename" type="pcre2">(?i)([^\\]+?)(_computers\.json$|_domains\.json$|_ous\.json$|_users\.json$|_groups\.json$|_containers\.json$|_gpos\.json$)</field> <description>Possible Bloodhound activity detected: $(win.eventdata.targetFilename) file created by $(win.eventdata.image).</description> <mitre> <id>T1036</id> </mitre> </rule> <!-- This rule detects the creation of a zip file by an executable binary--> <rule...
Blog / Engineering / Container vulnerability scanning with Wazuh and Snyk
...ready to be used. jq installation jq is a versatile and lightweight command-line JSON processor. The jq binary is important in facilitating the processing of JSON results generated by the...
One problem I have faced is having different SIEMS monitoring one host device for instance you need different logs from one endpoint device…
Security Information and Event Management (or SIEM) is a subset of the computer security field…
With the rise of big data, organizations are collecting and storing more data than ever before…
