Wazuh is a complete, open-source platform for threat detection, security monitoring, incident response and regulatory compliance. This guide describes the Wazuh components and how they are used: the Wazuh server, the Wazuh agent, and the Elastic Stack.
With Wazuh you will have:
- Threat Detection
◦ Vulnerability Detection
◦ Intrusion Detection
- Security Monitoring
◦ File Integrity Monitoring
◦ Log Data Analysis
◦ Security Analytics
◦ Containers Security
◦ Cloud Security
- Incident Response
- Regulatory Compliance
◦ Configuration Assessment
Security information management:
Wazuh monitors system and application configuration settings to ensure they are compliant with your security policies, standards, and/or hardening guides.
The security events view lists every security event recorded on the system, with a count of how many times each one occurred. For example, a successful system logon (a user logging into the system) and the later logoff of that user each appear as separate events, together with how many times that action happened on the particular agent. Integrity checksum changes, meaning any change to the files present on the system, are monitored by the Wazuh agent and reported back to the manager. The same view can show a security event for a remote code execution vulnerability in the Windows Graphics Device Interface (GDI): the agent detects it and reports it to the manager, where events are classified and displayed according to the rule sets. The overview shows the total number of events generated by all of the agents.
The agents view shows each agent with its approximate number of events and, above that, the number of alerts and of authentication failures and successes. The OSSEC ruleset (the ruleset Wazuh is built on) classifies alerts by level:
- Levels 1 to 5 are low
- Levels 5 to 8 are medium and high
- Levels above 10 are critical
The whole segregation of events into security alerts is based on these levels. Wazuh rule levels run from 0 to 15; level 0 rules never alert, and by default the manager only logs alerts of level 3 and above, so a very chatty low-level rule can be tuned down rather than raising the threshold for everything.
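The bucketing above can be checked against the manager's own alert log. The following script is an added example, not code from the Wazuh project or from this page: it reads records in the shape of /var/ossec/logs/alerts/alerts.json (one JSON object per line, with `rule.level`, `rule.groups`, `agent.name` and, for FIM alerts, a `syscheck` object), applies the page's severity thresholds, and reports per agent the counts of events, severity buckets, authentication successes and failures, and changed files. The sample records are constructed for the example; their rule ids and groups are modelled on Wazuh's default ruleset. Levels 9 and 10, which the page does not name, are folded into "medium/high" as an assumption of the example.

```python
import json
from collections import Counter

# Severity buckets exactly as stated on this page. Levels 9 and 10 are not
# named on the page; this example treats them as "medium/high" (an assumption
# of the example, not Wazuh's own classification).
LOW_MAX = 5
MEDIUM_HIGH_MAX = 10

# Constructed sample records in the shape of alerts.json (not captured from a
# real manager). Rule ids and groups are modelled on Wazuh's default ruleset.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"timestamp": "2024-01-10T09:12:01.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"id": "5501", "level": 3, "description": "PAM: Login session opened.",
              "groups": ["pam", "syslog", "authentication_success"]}},
    {"timestamp": "2024-01-10T09:15:44.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"id": "5503", "level": 5, "description": "PAM: User login failed.",
              "groups": ["pam", "syslog", "authentication_failed"]}},
    {"timestamp": "2024-01-10T09:20:10.000+0000", "agent": {"id": "001", "name": "web-01"},
     "rule": {"id": "550", "level": 7, "description": "Integrity checksum changed.",
              "groups": ["ossec", "syscheck"]},
     "syscheck": {"path": "/etc/passwd", "event": "modified"}},
    {"timestamp": "2024-01-10T09:31:02.000+0000", "agent": {"id": "002", "name": "db-01"},
     "rule": {"id": "5712", "level": 10,
              "description": "sshd: brute force trying to get access to the system.",
              "groups": ["syslog", "sshd", "authentication_failures"]}},
    {"timestamp": "2024-01-10T09:32:30.000+0000", "agent": {"id": "002", "name": "db-01"},
     "rule": {"id": "100100", "level": 12, "description": "Custom rule: privilege escalation",
              "groups": ["local", "privilege_escalation"]}},
])


def severity(level: int) -> str:
    """Map a Wazuh rule level (0-15) to the bucket used on this page."""
    if level < 1:
        return "ignored"        # level-0 rules never produce an alert
    if level <= LOW_MAX:
        return "low"
    if level <= MEDIUM_HIGH_MAX:
        return "medium/high"
    return "critical"


def parse_alerts(text: str) -> list:
    """Parse alerts.json content: one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def summarize(alerts: list) -> dict:
    """Per-agent counts: events, severity buckets, auth outcomes, FIM changes."""
    summary = {}
    for alert in alerts:
        agent = alert.get("agent", {}).get("name", "unknown")
        rule = alert.get("rule", {})
        groups = set(rule.get("groups", []))
        entry = summary.setdefault(agent, {
            "events": 0, "by_severity": Counter(),
            "auth_success": 0, "auth_failed": 0, "fim_changes": [],
        })
        entry["events"] += 1
        entry["by_severity"][severity(int(rule.get("level", 0)))] += 1
        if "authentication_success" in groups:
            entry["auth_success"] += 1
        # both group names appear in the default ruleset: single failures and
        # correlated "multiple failures" rules
        if groups & {"authentication_failed", "authentication_failures"}:
            entry["auth_failed"] += 1
        if "syscheck" in alert:                      # file integrity alert
            entry["fim_changes"].append(
                (alert["syscheck"].get("event"), alert["syscheck"].get("path")))
    return summary


if __name__ == "__main__":
    for agent, s in summarize(parse_alerts(SAMPLE_ALERTS)).items():
        print(f"{agent}: {s['events']} events, {dict(s['by_severity'])}, "
              f"auth ok/fail {s['auth_success']}/{s['auth_failed']}, "
              f"fim {s['fim_changes']}")
```

Point the script at a real alerts.json (for example `parse_alerts(open('/var/ossec/logs/alerts/alerts.json').read())`) to get the same breakdown the dashboard shows; counting on `rule.groups` rather than on rule ids keeps the summary stable when custom rules are added.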
The next part of security information management is file integrity monitoring. When you are doing malware analysis and looking at rootkits, malicious services and viruses that infect a system, the first thing they usually change is a particular set of files on the system.
What this monitoring does is show how many files were changed and which files were changed in a given period; you can then look at what was changed in each file and dig deeper to understand what that piece of software did. This is a very useful function.
By default it monitors a set of system directories and, on Windows, a set of registry entries, but you can also add custom directories to monitor.
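Custom directories are added in the agent's ossec.conf under the syscheck section. The fragment below is an added example, not configuration from this page or from the Wazuh project's defaults; the paths /var/www/html and /opt/app/config are assumed for illustration, while the ignore patterns and the registry key are the ones Wazuh ships in its default configuration.

```xml
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <!-- full scan every 12 hours (value in seconds) -->
    <frequency>43200</frequency>
    <!-- alert when a new file appears, not only when an existing one changes -->
    <alert_new_files>yes</alert_new_files>

    <!-- assumed example directories: hash, size, owner and permission checks,
         event-driven (inotify) reporting, and a stored diff of text changes -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/var/www/html</directories>
    <directories check_all="yes" realtime="yes">/opt/app/config</directories>

    <!-- files that are rewritten constantly and would only create noise -->
    <ignore>/etc/mtab</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>

    <!-- Windows agents: a registry key beside the default set -->
    <windows_registry>HKEY_LOCAL_MACHINE\Software\Classes\batfile</windows_registry>
  </syscheck>
</ossec_config>
```

Two caveats before relying on this: `realtime="yes"` depends on inotify and is not applied to directories that are only reachable through a symlink, and `report_changes="yes"` keeps a copy of the monitored file on the agent so that a diff can be produced, which is inappropriate for files holding secrets. If you need to know which user made the change, use `whodata="yes"` instead of `realtime`, which requires the audit subsystem on Linux.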
The Wazuh security platform provides threat detection, configuration compliance, and continuous monitoring for multi-cloud and hybrid environments. It protects cloud workloads by monitoring the infrastructure at two levels:
Endpoint level: monitoring cloud instances or virtual machines using the lightweight Wazuh security agent.
Cloud infrastructure level: monitoring cloud services and activity by collecting and analyzing data from the provider's API. Amazon AWS, Microsoft Azure, and Google Cloud Platform are supported.
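The cloud infrastructure level is configured on the manager (or on an agent) as a module that pulls logs from the provider. The fragment below is an added example of the AWS integration and is not configuration from this page; the bucket name my-cloudtrail-logs and the AWS profile name are assumed.

```xml
<ossec_config>
  <wodle name="aws-s3">
    <disabled>no</disabled>
    <!-- poll the bucket every 10 minutes and once immediately at startup -->
    <interval>10m</interval>
    <run_on_start>yes</run_on_start>
    <!-- keep going if a single object cannot be read -->
    <skip_on_error>yes</skip_on_error>

    <!-- assumed bucket receiving CloudTrail API activity logs -->
    <bucket type="cloudtrail">
      <name>my-cloudtrail-logs</name>
      <aws_profile>default</aws_profile>
      <!-- do not backfill history older than this date (YYYY-MMM-DD) -->
      <only_logs_after>2024-JAN-01</only_logs_after>
    </bucket>
  </wodle>
</ossec_config>
```

The module needs Python 3 with boto3 on the host that runs it, and the credentials in `aws_profile` should be a read-only identity limited to `s3:ListBucket` and `s3:GetObject` on that bucket: the manager never needs write access to the provider, so do not give it any.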
If you require help, contact SupportPRO Server Admin