Blog / Engineering / How to configure Rsyslog client to send events to Wazuh
Rsyslog is a high-performance, versatile log processing system commonly used in UNIX and Linux environments. It is responsible for handling log messages generated by various system components and applications. It...
Blog / Engineering / How to integrate external software using Integrator
Integrator is a tool which easily connects Wazuh with external software. This is achieved by integrating the alert system with the APIs of the software products through scripts. Examples of...
Blog / Engineering / Integrating Amazon Macie in Wazuh
Amazon offers many tools to monitor the status of its services. A good example is Amazon Macie, aimed at the surveillance of stored data. This is a resource of enormous...
Use cases / Threat Hunting
...threat hunters to evaluate security data efficiently, streamlining the process of identifying possible threats. Wazuh also includes an integrated reporting engine for generating customized reports. See our Threat Hunting documentation for...
Use cases / Posture Management
Cloud security posture management (CSPM) involves evaluating, enhancing, and maintaining an organization’s cloud security posture. It helps secure workloads in cloud environments by identifying security risks and ensuring compliance with...
Blog / Releases / Introducing Wazuh 4.10.0
...of the new vulnerability.under_evaluation field, which provides an Evaluated and Under evaluation filter. The vulnerability.under_evaluation field is set to true when a vulnerability lacks a valid base score, classification, or...
Blog / Engineering / Detecting Metasploit attacks
...suspicious processes: root@DC-1:/# ps -eo user,pid,cmd | grep www-data www-data 4428 sh -c php -r 'eval(base64_decode(Lyo8P3B));' www-data 4429 php -r eval(base64_decode(Lyo8P3B)); Also, we can find an open connection for the...
Blog / Engineering / Adversary emulation on AWS with Stratus Red Team and Wazuh
...# ./stratus warmup aws.defense-evasion.cloudtrail-event-selectors # ./stratus detonate aws.defense-evasion.cloudtrail-event-selectors Cleanup the infrastructure At the end of the emulation, use the following command to destroy all the infrastructure created: $ ./stratus cleanup...
Blog / Engineering / Detecting and responding to Lumma Stealer with Wazuh
...cryptocurrency wallets, email credentials, financial information, and more. To evade detection, it uses sophisticated techniques like encryption and event-controlled operations. Lumma Stealer specifically targets Windows operating systems from Windows 7...
Blog / Engineering / Snapekit detection with Wazuh
...of Gen Threat Labs. Our investigation reveals that Snapekit is embedded in a dropper program designed to evade sandboxes and debuggers. The dropper checks its environment and only unpacks and...
Blog / Engineering / Ensuring NIS2 compliance with Wazuh
...assessments are continuously validated. Evaluation of security measures effectiveness: Wazuh generates detailed reports on configuration compliance, allowing organizations to regularly evaluate the effectiveness of their security measures. By identifying misconfigurations,...
Blog / Engineering / Detecting Windows Screensaver persistence attack with Wazuh
...default screensaver folder as a defense evasion technique. For better defense evasion, the attacker may encode the payload so it cannot be detected by most antivirus solutions. Irrespective of the...