0% found this document useful (0 votes)

33 views2 pages

Wazuh Capa

Uploaded by

Maryam Laqlii

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

33 views2 pages

Wazuh Capa

Uploaded by

Maryam Laqlii

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 2

1.

Configure Wazuh File Integrity Monitoring (FIM)

Wazuh’s FIM module monitors specified directories and files, generating alerts when
modifications occur. To set up FIM, add the necessary directories and files in the
configuration file:

Open the FIM configuration in ossec.conf (typically located in

/var/ossec/etc/ossec.conf ):

<syscheck>
<directories check_all="yes">/path/to/monitor</directories>
<frequency>3600</frequency>
</syscheck>

This configuration monitors /path/to/monitor for changes every hour ( frequency ).

2. Configure FIM to Use CDB Lists for Hash Matching

Wazuh can check monitored files against a CDB list containing known malicious file
hashes. CDB lists are compact databases used for fast lookups.

To create a CDB file, add known file hashes to a CSV file (for example,
hashes.csv ) in the format:

sha256,<malicious-hash>
sha256,<another-hash>

Convert this CSV file to a CDB file using cdb utilities:

cdb -c hashes.cdb < hashes.csv

Add the CDB list to ossec.conf to instruct Wazuh to check monitored files
against it:

<syscheck>
<directories check_all="yes">/path/to/monitor</directories>
<frequency>3600</frequency>
<cdb_list>/var/ossec/etc/lists/hashes.cdb</cdb_list>
</syscheck>

3. Configure VirusTotal Integration for Hash Lookups

VirusTotal provides API access for checking file hashes against its malware database.
To use this:

1. Get a VirusTotal API Key:

Sign up on VirusTotal and obtain an API key.

2. Configure Wazuh to Use VirusTotal:

Set up an integration script that queries VirusTotal with detected

hashes. Here’s a basic example in Python:
import requests

def check_virus_total(hash):
api_key = 'your_virustotal_api_key'
url = f'https://www.virustotal.com/api/v3/files/{hash}'
headers = {'x-apikey': api_key}
response = requests.get(url, headers=headers)
return response.json()

You can call this script within Wazuh’s custom rules to query VirusTotal
whenever a new hash is detected.

4. Use YARA for Malware Detection with FIM

YARA rules allow Wazuh to identify malware by matching file patterns.

1. Install YARA: First, install YARA on the system.

2. Create YARA Rules: Write YARA rules for detecting malware based on file
signatures. Place these in a rule file, like malware_rules.yara .

rule Malicious_File
{
strings:
$mz = "MZ"
$evil_string = "malicious code"
condition:
$mz at 0 and $evil_string
}

3. Configure Wazuh to Use YARA: Update the ossec.conf to scan files with YARA:

<syscheck>
<directories check_all="yes">/path/to/monitor</directories>
<frequency>3600</frequency>
<yara>
<rules>/var/ossec/etc/rules/malware_rules.yara</rules>
</yara>
</syscheck>

5. Set Up Wazuh Rules for Custom Alerts and Active Responses

Once you have FIM, CDB, VirusTotal, and YARA configured, set up custom rules in Wazuh
to define alert levels and responses for identified threats.

In the rules configuration ( /var/ossec/etc/rules/local_rules.xml ), you might add:

<rule id="100001" level="10">

<decoded_as>syscheck</decoded_as>
<description>Detected malicious file based on VirusTotal or YARA scan</description>
<options>no_full_log</options>
</rule>

Soc Analyst Internship Booklet
No ratings yet
Soc Analyst Internship Booklet
54 pages
Wazuh Presentation
No ratings yet
Wazuh Presentation
7 pages
Advanced Threat Detection With Wazuh
No ratings yet
Advanced Threat Detection With Wazuh
31 pages
Task 2 Firewall + IDS Integration
No ratings yet
Task 2 Firewall + IDS Integration
47 pages
VT Integration With Wazuh SOP
No ratings yet
VT Integration With Wazuh SOP
7 pages
File Integrity Monitoring
No ratings yet
File Integrity Monitoring
33 pages
Wazuh Documentation
No ratings yet
Wazuh Documentation
10 pages
Cp4152 Database Practices Lab Record
No ratings yet
Cp4152 Database Practices Lab Record
38 pages
Recursion, As A Different Way of Solving Problems. Example Programs Such As Finding Factorial. Fibon
No ratings yet
Recursion, As A Different Way of Solving Problems. Example Programs Such As Finding Factorial. Fibon
11 pages
Sysmon Integration With Wazuh
No ratings yet
Sysmon Integration With Wazuh
16 pages
Lab 04 FIM File Integrity Monitoring 1715576637
No ratings yet
Lab 04 FIM File Integrity Monitoring 1715576637
19 pages
Open Research Online: Integrating Web Services Into Data Intensive Web Sites
No ratings yet
Open Research Online: Integrating Web Services Into Data Intensive Web Sites
9 pages
Advanced Malware Scanner
No ratings yet
Advanced Malware Scanner
15 pages
Cyber Data Collection Via Analysis & Intelligence
No ratings yet
Cyber Data Collection Via Analysis & Intelligence
44 pages
Step-By-Step Setup of Wazuh SIEM On Ubuntu 22 - 04 - 3 LTS
No ratings yet
Step-By-Step Setup of Wazuh SIEM On Ubuntu 22 - 04 - 3 LTS
23 pages
Wazuh-Poc
No ratings yet
Wazuh-Poc
38 pages
Ransomware Detection Tool Using VirusTotal API
No ratings yet
Ransomware Detection Tool Using VirusTotal API
4 pages
Therac-25 Public Testing
No ratings yet
Therac-25 Public Testing
9 pages
CIF Changes in Hana
No ratings yet
CIF Changes in Hana
2 pages
CDB List
No ratings yet
CDB List
9 pages
CSC 101 Components of A Computer, OS, +.
No ratings yet
CSC 101 Components of A Computer, OS, +.
16 pages
Files
No ratings yet
Files
15 pages
Mounting A Hard Disk With Forensic Image
No ratings yet
Mounting A Hard Disk With Forensic Image
7 pages
AMPL Upgrade Plan
No ratings yet
AMPL Upgrade Plan
9 pages
Chapter Two
No ratings yet
Chapter Two
18 pages
4 ProcessesProf
No ratings yet
4 ProcessesProf
3 pages
Opensource Security Platformy Wazuh
No ratings yet
Opensource Security Platformy Wazuh
66 pages
CS Project File
No ratings yet
CS Project File
12 pages
SuperCard Guide v1.1
No ratings yet
SuperCard Guide v1.1
22 pages
70-532: Developing Microsoft Azure Solutions
100% (1)
70-532: Developing Microsoft Azure Solutions
82 pages
Build Open Source SIEM HA Using Wazuh Docker
No ratings yet
Build Open Source SIEM HA Using Wazuh Docker
6 pages
Enhancing Threat Detection
No ratings yet
Enhancing Threat Detection
6 pages
Getting Started With Wazuh!!!
No ratings yet
Getting Started With Wazuh!!!
5 pages
4 Arrays in 'C'
100% (10)
4 Arrays in 'C'
19 pages
MONITORING OF MALICIOUS COMMANDS by MUHAMMAD ABDUL REHMAN
No ratings yet
MONITORING OF MALICIOUS COMMANDS by MUHAMMAD ABDUL REHMAN
11 pages
Wazuh
No ratings yet
Wazuh
3 pages
Aquarz SOC Book ITSolera
No ratings yet
Aquarz SOC Book ITSolera
65 pages
ConVox CCS NRHM
No ratings yet
ConVox CCS NRHM
29 pages
Identifying Malware With VirusTotal and Wazuh
No ratings yet
Identifying Malware With VirusTotal and Wazuh
16 pages
Wazuh Upgrade Guide
No ratings yet
Wazuh Upgrade Guide
7 pages
04-File Integrity Monitoring
No ratings yet
04-File Integrity Monitoring
11 pages
Ifr6000 and Ifr6015 Usb Upgrade Product Information Letter Software Firmware Releases en
No ratings yet
Ifr6000 and Ifr6015 Usb Upgrade Product Information Letter Software Firmware Releases en
3 pages
2020 Marvell Product Selector Guide: Total Solutions From Marvell
No ratings yet
2020 Marvell Product Selector Guide: Total Solutions From Marvell
29 pages
Office 2013 Keys
No ratings yet
Office 2013 Keys
1 page
Check Point CLI Reference Card / Cheat Sheet
100% (2)
Check Point CLI Reference Card / Cheat Sheet
2 pages
Sysmon Wazuh
No ratings yet
Sysmon Wazuh
5 pages
MartinOverton VBSeminar
No ratings yet
MartinOverton VBSeminar
35 pages
Best Practices For Form Design
No ratings yet
Best Practices For Form Design
133 pages
Acheivement Demo 7
No ratings yet
Acheivement Demo 7
20 pages
01-Introduction & Installation
No ratings yet
01-Introduction & Installation
42 pages
Olug 202311 Wazuh
No ratings yet
Olug 202311 Wazuh
21 pages
Wazuh - Monitor Everything. Wazuh Monitoring and Detection - by Dhiraj Ambigapathi - Jan, 2024 - Medium
No ratings yet
Wazuh - Monitor Everything. Wazuh Monitoring and Detection - by Dhiraj Ambigapathi - Jan, 2024 - Medium
24 pages
SIEM Server Haderning 1729856023
No ratings yet
SIEM Server Haderning 1729856023
49 pages
Bsotm Lab 2
No ratings yet
Bsotm Lab 2
2 pages
IT Book Sinhala
50% (2)
IT Book Sinhala
7 pages
Model SA-10 Owner's Manual: Super Audio CD Player
No ratings yet
Model SA-10 Owner's Manual: Super Audio CD Player
46 pages
Advanced Malware Analysis 2020
No ratings yet
Advanced Malware Analysis 2020
20 pages
Lab Guide 5
No ratings yet
Lab Guide 5
29 pages
WAZUH
No ratings yet
WAZUH
8 pages
Wazuh Installation & FIM Monitoring
No ratings yet
Wazuh Installation & FIM Monitoring
7 pages
Wazuh Detekce Hrozeb A Aktivni Ochrana
No ratings yet
Wazuh Detekce Hrozeb A Aktivni Ochrana
23 pages
Wazuh Installation & FIM Monitoring
No ratings yet
Wazuh Installation & FIM Monitoring
7 pages
Javid Hafiz
No ratings yet
Javid Hafiz
55 pages
Motor Forward and Reverse Direction Control Using A PLC
No ratings yet
Motor Forward and Reverse Direction Control Using A PLC
5 pages
VULNERABILITY DETECTION LAB by MUHAMMAD ABDUL REHMAN KHAN
No ratings yet
VULNERABILITY DETECTION LAB by MUHAMMAD ABDUL REHMAN KHAN
11 pages
BSOTM LAB Complete
No ratings yet
BSOTM LAB Complete
7 pages
Training Slide Deck 3
No ratings yet
Training Slide Deck 3
21 pages
Valuable Tool For Blue Team
No ratings yet
Valuable Tool For Blue Team
32 pages
Bria 3 Dial Plan Guide R1
No ratings yet
Bria 3 Dial Plan Guide R1
8 pages
Siwes Report
100% (9)
Siwes Report
12 pages
CP Cli Ref Card
No ratings yet
CP Cli Ref Card
2 pages
CCTV Camera 2
No ratings yet
CCTV Camera 2
8 pages
6.additonal Program-2 (FIRST FOLLOW)
No ratings yet
6.additonal Program-2 (FIRST FOLLOW)
6 pages
Part 2: Defining PLM - Critical "Must Have" Capabilities
No ratings yet
Part 2: Defining PLM - Critical "Must Have" Capabilities
7 pages
Penetration - Testing Tutorial
No ratings yet
Penetration - Testing Tutorial
3 pages
WUZUH - Security Information Event Management - Documentation
No ratings yet
WUZUH - Security Information Event Management - Documentation
59 pages
Evans Korir Wazuh CS-SA04-23033
No ratings yet
Evans Korir Wazuh CS-SA04-23033
6 pages
Integrating VirusTotal & Windows Defender With Wazuh ?
No ratings yet
Integrating VirusTotal & Windows Defender With Wazuh ?
15 pages
BASICQUERY2
No ratings yet
BASICQUERY2
3 pages
Hospital Management System
No ratings yet
Hospital Management System
22 pages
TechSmith Camtasia Studio EULA
No ratings yet
TechSmith Camtasia Studio EULA
14 pages
Check Point CLI Reference Card & Cheat Sheet - V 1.6: Email WWW Twitter
100% (1)
Check Point CLI Reference Card & Cheat Sheet - V 1.6: Email WWW Twitter
2 pages
Advanced DFIR PDF
No ratings yet
Advanced DFIR PDF
9 pages
Proof of Concept Guide
No ratings yet
Proof of Concept Guide
14 pages

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Wazuh Capa

Uploaded by

Wazuh Capa

Uploaded by

1.

Configure Wazuh File Integrity Monitoring (FIM)

Open the FIM configuration in ossec.conf (typically located in

This configuration monitors /path/to/monitor for changes every hour ( frequency ).

2. Configure FIM to Use CDB Lists for Hash Matching

Convert this CSV file to a CDB file using cdb utilities:

cdb -c hashes.cdb < hashes.csv

3. Configure VirusTotal Integration for Hash Lookups

1. Get a VirusTotal API Key:

Sign up on VirusTotal and obtain an API key.

2. Configure Wazuh to Use VirusTotal:

Set up an integration script that queries VirusTotal with detected

4. Use YARA for Malware Detection with FIM

1. Install YARA: First, install YARA on the system.

5. Set Up Wazuh Rules for Custom Alerts and Active Responses

In the rules configuration ( /var/ossec/etc/rules/local_rules.xml ), you might add:

<rule id="100001" level="10">

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.