Blog / Engineering / Detecting defense evasion techniques with Wazuh

Defense evasion techniques are methods that threat actors use to conceal their presence, bypass security mechanisms, and operate undetected on compromised systems. By evading detection, adversaries can maintain persistence and continue malicious activity even during active monitoring or security scans. Common defense evasion methods include disabling or uninstalling security tools, tampering with event logs, obfuscating […]

Blog / Engineering / How to configure Rsyslog client to send events to Wazuh

Learn how to configure a Rsyslog client to send event messages to the Wazuh manager step by step.

Blog / Engineering / How to integrate external software using Integrator

We will learn how to configure Wazuh to communicate with external APIs. Integrator is a tool which easily connects Wazuh with external software.

Blog / Engineering / Integrating Amazon Macie in Wazuh

Learn how to monitor the data stored in your S3 with Amazon Macie and Wazuh.

Blog / Engineering / Monitoring access control violations with Open Policy Agent (OPA) and Wazuh

Access control protects the confidentiality, integrity, and availability of systems and data. It is important because attackers frequently exploit legitimate accounts, excessive permissions, and weak policy enforcement to blend into normal operations. While access control systems are designed to prevent unauthorized actions, the decisions they generate, such as denied requests, privilege escalations, or anomalous authorization […]

Use cases / Threat Hunting

With advanced threat hunting capabilities, security teams can stay proactive in identifying and eliminating emerging threats.

Use cases / Posture Management

Cloud security posture management (CSPM) involves evaluating, enhancing, and maintaining an organization's cloud security posture.

Blog / Releases / Introducing Wazuh 4.10.0

We are excited to announce the release of Wazuh 4.10.0. This release introduces integration with Microsoft Intune, enhanced logging for cloud integration modules, and debug symbol generation for macOS, Linux, and Windows. It includes a new vulnerability evaluation status field and major updates to SCA policies for improved security compliance on monitored endpoints. We also […]

Blog / Engineering / Detecting Metasploit attacks

We are going to attack a vulnerable server using Metasploit and then we will see how to use Wazuh to detect various of its attacks. This framework is the most used penetration testing framework in the world. It contains a suite of tools that you can use to test security vulnerabilities, enumerate networks, execute attacks, and evade […]

Blog / Engineering / Monitoring Hyper-V with Wazuh

Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.