Introduction to Wazuh


Wazuh 101

Intro

Wazuh is a SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) tool.

It is free and open source, and it can help users learn about hacking and security while also protecting their devices. GitHub link: https://github.com/wazuh/wazuh

Deploying the tool is very simple: you install a server and then deploy agents to all of the user's computers and servers, regardless of operating system (Mac, Windows, Linux).

The tasks of the agents are:
  • Checking for security configuration and misconfiguration on the devices
  • Checking for known vulnerabilities and malware on the devices
  • Tracking changes to directories and files on the devices, including the Windows registry

The tasks of the server are to collect and display all the information from the agents and to alert the user via email, Slack, or other methods.

The tool can also perform active response, which means taking an action in response to a detected threat, such as blocking an IP address that is trying to brute-force its way into the user's device.
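As an added example (not from the original post), this is what the brute-force-to-block scenario looks like in the Wazuh manager's ossec.conf: the stock firewall-drop script is tied to the built-in SSH brute-force rule, so the offending source IP is dropped on the agent's firewall for a limited time. The rule ID (5712) and timeout are assumptions to verify against your installed ruleset.

```xml
<!-- File: /var/ossec/etc/ossec.conf on the Wazuh manager (added example) -->
<ossec_config>

  <!-- Declare the response command. The firewall-drop script ships with the
       agent under /var/ossec/active-response/bin/ and adds an iptables/
       firewalld drop rule for the source IP found in the alert. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Bind the command to the alert that should trigger it.
       rules_id 5712 is the stock "sshd: brute force trying to get access
       to the system" rule (assumed; confirm the ID in your ruleset).
       location "local" runs the block on the agent that raised the alert.
       timeout is in seconds: the IP is unblocked automatically afterwards,
       which limits the damage if the alert was a false positive. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5712</rules_id>
    <timeout>600</timeout>
  </active-response>

</ossec_config>
```

Restart the manager after editing, then confirm a block fired by checking /var/ossec/logs/active-responses.log on the agent.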

Features

Just look at all the cool things you can do with this platform:

You can do malware detection and threat hunting, dig through logs and vulnerability data, and do some incident response if something goes wrong.

You can also track compliance with a whole lot of regulations like GDPR, PCI, and HIPAA, and even cover cloud security with the Office 365 or AWS integrations.

The most interesting feature of Wazuh is the 'Security Configuration Assessment', which is built around the CIS Benchmarks (https://www.cisecurity.org/cis-benchmarks). This feature is about structuring the enterprise environment and hardening its systems.

Refer to the docs to check all the capabilities that Wazuh has.

Idea

Pentest a vulnerable app server (with automation) and use Wazuh as the XDR to detect and protect against the malicious activity.

References:
  • https://www.youtube.com/watch?v=3CaG2GI1kn0&ab_channel=NetworkChuck
  • https://www.youtube.com/watch?v=i68atPbB8uQ&ab_channel=JohnHammond
