Book Image

Security Monitoring with Wazuh

By : Rajneesh Gupta
Book Image

Security Monitoring with Wazuh

By: Rajneesh Gupta

Overview of this book

Explore the holistic solution that Wazuh offers to improve your organization’s cybersecurity posture with this insightful guide. Security Monitoring with Wazuh is a comprehensive resource, covering use cases, tool integration, and compliance monitoring to equip you with the skills you need to build an enterprise-level defense system. The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. As you progress, you’ll learn how to leverage Wazuh’s capabilities to set up Security Orchestration, Automation, and Response (SOAR). The chapters will lead you through the process of implementing security monitoring practices aligned with industry standards and regulations. You’ll also master monitoring and enforcing compliance with frameworks such as PCI DSS, GDPR, and MITRE ATT&CK, ensuring that your organization maintains a strong security posture while adhering to legal and regulatory requirements. By the end of this book, you’ll be proficient in harnessing the power of Wazuh and have a deeper understanding of effective security monitoring strategies.

Related Content you might be interested in

Current Title:

Small book image
Security Monitoring with Wazuh
Rajneesh Gupta
Apr, 2024 | 322 pages
Small book image
Hands-On Security in DevOps
Tony HsiangChih Hsu
Jul, 2018 | 356 pages
Small book image
Incident Response with Threat Intelligence
Roberto Martinez
Jun, 2022 | 468 pages
Small book image
Mastering Cyber Intelligence
Jean Nestor M Dahj
Apr, 2022 | 528 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Part 1:Threat Detection
Part 1:Threat Detection
Free Chapter
2
Chapter 1: Intrusion Detection System (IDS) Using Wazuh
Chapter 1: Intrusion Detection System (IDS) Using Wazuh
What is an IDS?
What is Suricata?
Getting started with Wazuh and Suricata
Understanding Suricata rules
Testing web-based attacks using DVWA
Testing NIDS with tmNIDS
Summary
3
Chapter 2: Malware Detection Using Wazuh
Chapter 2: Malware Detection Using Wazuh
Types of malware
Wazuh capabilities for malware detection
Malware detection using FIM
The CDB list
VirusTotal integration
Integrating Windows Defender logs
Integrating Sysmon to detect fileless malware
Summary
4
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
5
Chapter 3: Threat Intelligence and Analysis
Chapter 3: Threat Intelligence and Analysis
What is threat intelligence?
Automated threat intelligence
Setting up TheHive and Cortex
Setting up MISP
Integrating Wazuh with TheHive
Integrating TheHive and Cortex with MISP
Use cases
Summary
6
Chapter 4: Security Automation Using Shuffle
Chapter 4: Security Automation Using Shuffle
What is SOAR?
How a SOC analyst uses SOAR
Introduction to Shuffle
Retrieving Wazuh alerts
Remotely managing Wazuh
Important Shuffle apps
Summary
7
Chapter 5: Incident Response with Wazuh
Chapter 5: Incident Response with Wazuh
Introduction to incident response
Incident response automation
Wazuh active response
Blocking unauthorized SSH access
Isolating a Windows machine post-infection
Blocking RDP brute-force attacks
Summary
8
Chapter 6: Threat Hunting with Wazuh
Chapter 6: Threat Hunting with Wazuh
Proactive threat hunting with Wazuh
Log data analysis for threat hunting
MITRE ATT&CK mapping
Threat hunting using Osquery
Command monitoring
Summary
9
Part 3: Compliance Management
Part 3: Compliance Management
10
Chapter 7: Vulnerability Detection and Configuration Assessment
Chapter 7: Vulnerability Detection and Configuration Assessment
Introduction to vulnerability detection and security configuration management
PCI DSS
NIST 800-53
HIPAA
Summary
11
Chapter 8: Appendix
Chapter 8: Appendix
Custom PowerShell rules
Custom Wazuh rules for Auditd
Custom Wazuh rules for Kaspersky Endpoint Security
Custom Wazuh rules for Sysmon
Summary
12
Chapter 9: Glossary
Chapter 9: Glossary
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
V
Y
13
Index
Index
Why subscribe?
14
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book

Incident response automation

Effective IR is time-sensitive and requires teams to identify threats and initiate an incident response plan (IRP) as soon as possible. A security team receives thousands of security alerts from security tools every day and hence it is difficult to manually analyze events or assess every alarm that security tools generate. These constraints are addressed via automated IR. In Chapter 4, Security Automation and Orchestration Using Shuffle, we learned how shuffle SOAR makes this possible by creating workflows, helping the security team with automated incident enrichment, automated observable analysis with TheHive tool integration, automating Wazuh activities, and many more. In this chapter, our focus will be on using Wazuh’s in-built capability called active response to perform IR. In general, IR automation can help the security team with the following:

  • Immediate containment: Once compromised systems are identified, automated IR systems should...
Previous Section
End of Section 3
Next Section