How to configure Rsyslog client to send events to Wazuh
Learn how to configure a Rsyslog client to send event messages to the Wazuh manager step by step.
Learn how to configure a Rsyslog client to send event messages to the Wazuh manager step by step.
We will learn how to configure Wazuh to communicate with external APIs. Integrator is a tool which easily connects Wazuh with external software.
Learn how to monitor the data stored in your S3 with Amazon Macie and Wazuh.
We are going to attack a vulnerable server using Metasploit and then we will see how to use Wazuh to detect various of its attacks. This framework is the most used penetration testing framework in the world. It contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade […]
We are excited to announce the release of Wazuh 4.10.0. This release introduces integration with Microsoft Intune, enhanced logging for cloud integration modules, and debug symbol generation for macOS, Linux, and Windows. It includes a new vulnerability evaluation status field and major updates to SCA policies for improved security compliance on monitored endpoints. We also […]
XWorm is a .NET-based Remote Access Trojan (RAT) that initially emerged in early 2022 and resurfaced in 2025 with enhanced capabilities and renewed activity in targeted cyberattacks. Designed to compromise Windows endpoints, XWorm is widely adopted by threat actors due to its modular design and low detection rates when obfuscated, making it a persistent threat […]
Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.
Lumma Stealer, also known as LummaC2 Stealer, is a customizable malware written in C/C++ that allows for efficient and low-level access to system resources. It uses extensive obfuscation and anti-analysis features, making it highly effective and hard to detect. It is distributed as a Malware-as-a-Service (MaaS) model, with several plans available on underground forums and […]
In our new blog post, we focus on adversary emulation on AWS with Stratus Red Team and using Wazuh security capabilities.
The Snapekit rootkit was reported by Gen Threat Labs on X (formerly Twitter) on October 2, 2024. They identified several behavioral patterns of the rootkit. At the time of writing, all publicly available Snapekit samples specifically target Arch Linux (6.10.2-arch1-1 x86_64). However, the rootkit can be easily adapted to impact other versions of Arch Linux […]
Network and Information Systems (NIS2) is a European Union (EU) legislation raising cybersecurity standards for businesses due to new cyber threats across the EU. It’s an update and expansion of the original NIS (Network and Information Systems) directive adopted in 2016. NIS2 broadens the scope to include energy, transport, banking, public administration, and space sectors. […]
Detecting data exfiltration is an important aspect of maintaining cybersecurity, especially when attackers leverage native system tools to evade detection. This technique, known as Living Off the Land (LOTL), involves the misuse of legitimate utilities in the operating system, making malicious activities blend with normal operations. Advanced Persistent Threat (APT) groups commonly use LOTL techniques, […]
Please make sure that all words are spelled correctly.