Blog / Engineering / How to configure Rsyslog client to send events to Wazuh
Rsyslog is a high-performance, versatile log processing system commonly used in UNIX and Linux environments. It is responsible for handling log messages generated by various system components and applications. It...
Blog / Engineering / How to integrate external software using Integrator
Integrator is a tool that easily connects Wazuh with external software. This is achieved by integrating the alert system with the APIs of the software products through scripts. Examples of...
Blog / Engineering / Integrating Amazon Macie in Wazuh
Amazon offers many tools to monitor the status of its services. A good example is Amazon Macie, aimed at the surveillance of stored data. This is a resource of enormous...
Use cases / Threat Hunting
...threat hunters to evaluate security data efficiently, streamlining the process of identifying possible threats. Wazuh also includes an integrated reporting engine for generating customized reports. See our Threat Hunting documentation for...
Use cases / Posture Management
Cloud security posture management (CSPM) involves evaluating, enhancing, and maintaining an organization’s cloud security posture. It helps secure workloads in cloud environments by identifying security risks and ensuring compliance with...
Blog / Engineering / Detecting Metasploit attacks
...suspicious processes: root@DC-1:/# ps -eo user,pid,cmd | grep www-data www-data 4428 sh -c php -r 'eval(base64_decode(Lyo8P3B));' www-data 4429 php -r eval(base64_decode(Lyo8P3B)); Also, we can find an open connection for the...
Blog / Engineering / Adversary emulation on AWS with Stratus Red Team and Wazuh
...# ./stratus warmup aws.defense-evasion.cloudtrail-event-selectors # ./stratus detonate aws.defense-evasion.cloudtrail-event-selectors Clean up the infrastructure At the end of the emulation, use the following command to destroy all the infrastructure created: $ ./stratus cleanup...
Blog / Engineering / Ensuring NIS2 compliance with Wazuh
...assessments are continuously validated. Evaluation of the effectiveness of security measures: Wazuh generates detailed reports on configuration compliance, allowing organizations to regularly evaluate the effectiveness of their security measures. By identifying misconfigurations,...
Blog / Engineering / Detecting Windows Screensaver persistence attack with Wazuh
...default screensaver folder as a defense evasion technique. For better defense evasion, the attacker may encode the payload so it cannot be detected by most antivirus solutions. Irrespective of the...
Blog / Engineering / Using Wazuh to detect Raspberry Robin worms
Raspberry Robin is an evasive Windows worm that spreads using removable drives. After infecting a system, it uses the Windows msiexec.exe utility to download its payload hosted on compromised QNAP...
Blog / Engineering / Detecting Lockbit 3.0 ransomware with Wazuh
...been in existence for three years, and during this period it has been upgraded twice to include new forms of infection and evasion techniques. Lockbit 3.0 is the latest version,...
Case studies / Achieving Proactive Defense
...different sources. After evaluating several proofs of concept, they selected Wazuh based on critical factors: Effective Ransomware Detection: Wazuh uniquely detected ransomware that had evaded detection during previous proof of...