Security Monitoring with Wazuh

By: Rajneesh Gupta

Overview of this book

Explore the holistic solution that Wazuh offers to improve your organization’s cybersecurity posture with this insightful guide. Security Monitoring with Wazuh is a comprehensive resource, covering use cases, tool integration, and compliance monitoring to equip you with the skills you need to build an enterprise-level defense system. The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. As you progress, you’ll learn how to leverage Wazuh’s capabilities to set up Security Orchestration, Automation, and Response (SOAR). The chapters will lead you through the process of implementing security monitoring practices aligned with industry standards and regulations. You’ll also master monitoring and enforcing compliance with frameworks such as PCI DSS, GDPR, and MITRE ATT&CK, ensuring that your organization maintains a strong security posture while adhering to legal and regulatory requirements. By the end of this book, you’ll be proficient in harnessing the power of Wazuh and have a deeper understanding of effective security monitoring strategies.

Table of Contents (15 chapters)

Part 1: Threat Detection
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
Part 3: Compliance Management
Chapter 9: Glossary

Download the example code files

You can download the code mentioned in the book from the GitHub repository here: https://github.com/PacktPublishing/Security-Monitoring-using-Wazuh

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Disclaimer on images

This book contains many horizontally long screenshots. These screenshots provide readers with an overview of Wazuh's execution plans for various operations. As a result, the text in these images may appear small at 100% zoom. Additionally, you will be able to examine these plans more thoroughly in the output of Wazuh as you work through the examples.

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Copy the curl command to download the Wazuh module and start the Wazuh agent service as mentioned in the following diagram.”

A block of code is set as follows:

<rule id="200101" level="1"> 
<if_sid>60009</if_sid> 
<field name="win.system.providerName">^PowerShell$</field> 
<mitre>

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

policy:
   id: "rdp_audit"
   file: "sca_rdp_audit.yml"
   name: "System audit for Windows based system"
   description: "Guidance for establishing a secure configuration for Unix based systems."

Any command-line input or output is written as follows:

$ sudo systemctl restart wazuh-agent

Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Suricata is an open-source network intrusion detection and prevention system (IDS/IPS).”

Tips or important notes

Appear like this.