Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Security Monitoring with Wazuh
  • Table Of Contents Toc
  • Feedback & Rating feedback
Security Monitoring with Wazuh

Security Monitoring with Wazuh

By : Rajneesh Gupta
3.9 (7)
Buy this Book
close
close
Security Monitoring with Wazuh

Security Monitoring with Wazuh

3.9 (7)
By: Rajneesh Gupta
Buy this Book

Overview of this book

Explore the holistic solution that Wazuh offers to improve your organization’s cybersecurity posture with this insightful guide. Security Monitoring with Wazuh is a comprehensive resource, covering use cases, tool integration, and compliance monitoring to equip you with the skills you need to build an enterprise-level defense system. The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. As you progress, you’ll learn how to leverage Wazuh’s capabilities to set up Security Orchestration, Automation, and Response (SOAR). The chapters will lead you through the process of implementing security monitoring practices aligned with industry standards and regulations. You’ll also master monitoring and enforcing compliance with frameworks such as PCI DSS, GDPR, and MITRE ATT&CK, ensuring that your organization maintains a strong security posture while adhering to legal and regulatory requirements. By the end of this book, you’ll be proficient in harnessing the power of Wazuh and have a deeper understanding of effective security monitoring strategies.
Table of Contents (15 chapters)
close
close
Preface
In Progress | 0 / 8 sections completed | 0%
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the example code files
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1:Threat Detection
In Progress | 0 / 1 sections completed | 0%
Icon
Part 1:Threat Detection
Free Chapter
2
Chapter 1: Intrusion Detection System (IDS) Using Wazuh
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 1: Intrusion Detection System (IDS) Using Wazuh
Icon
What is an IDS?
Icon
What is Suricata?
Icon
Getting started with Wazuh and Suricata
Icon
Understanding Suricata rules
Icon
Testing web-based attacks using DVWA
Icon
Testing NIDS with tmNIDS
Icon
Summary
3
Chapter 2: Malware Detection Using Wazuh
In Progress | 0 / 9 sections completed | 0%
Icon
Chapter 2: Malware Detection Using Wazuh
Icon
Types of malware
Icon
Wazuh capabilities for malware detection
Icon
Malware detection using FIM
Icon
The CDB list
Icon
VirusTotal integration
Icon
Integrating Windows Defender logs
Icon
Integrating Sysmon to detect fileless malware
Icon
Summary
4
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
In Progress | 0 / 1 sections completed | 0%
Icon
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
5
Chapter 3: Threat Intelligence and Analysis
In Progress | 0 / 9 sections completed | 0%
Icon
Chapter 3: Threat Intelligence and Analysis
Icon
What is threat intelligence?
Icon
Automated threat intelligence
Icon
Setting up TheHive and Cortex
Icon
Setting up MISP
Icon
Integrating Wazuh with TheHive
Icon
Integrating TheHive and Cortex with MISP
Icon
Use cases
Icon
Summary
6
Chapter 4: Security Automation Using Shuffle
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 4: Security Automation Using Shuffle
Icon
What is SOAR?
Icon
How a SOC analyst uses SOAR
Icon
Introduction to Shuffle
Icon
Retrieving Wazuh alerts
Icon
Remotely managing Wazuh
Icon
Important Shuffle apps
Icon
Summary
7
Chapter 5: Incident Response with Wazuh
In Progress | 0 / 8 sections completed | 0%
chevron up
Icon
Chapter 5: Incident Response with Wazuh
Icon
Introduction to incident response
Icon
Incident response automation
Icon
Wazuh active response
Icon
Blocking unauthorized SSH access
Icon
Isolating a Windows machine post-infection
Icon
Blocking RDP brute-force attacks
Icon
Summary
8
Chapter 6: Threat Hunting with Wazuh
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 6: Threat Hunting with Wazuh
Icon
Proactive threat hunting with Wazuh
Icon
Log data analysis for threat hunting
Icon
MITRE ATT&CK mapping
Icon
Threat hunting using Osquery
Icon
Command monitoring
Icon
Summary
9
Part 3: Compliance Management
In Progress | 0 / 1 sections completed | 0%
Icon
Part 3: Compliance Management
10
Chapter 7: Vulnerability Detection and Configuration Assessment
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 7: Vulnerability Detection and Configuration Assessment
Icon
Introduction to vulnerability detection and security configuration management
Icon
PCI DSS
Icon
NIST 800-53
Icon
HIPAA
Icon
Summary
11
Chapter 8: Appendix
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 8: Appendix
Icon
Custom PowerShell rules
Icon
Custom Wazuh rules for Auditd
Icon
Custom Wazuh rules for Kaspersky Endpoint Security
Icon
Custom Wazuh rules for Sysmon
Icon
Summary
12
Chapter 9: Glossary
In Progress | 0 / 22 sections completed | 0%
Icon
Chapter 9: Glossary
Icon
A
Icon
B
Icon
C
Icon
D
Icon
E
Icon
F
Icon
G
Icon
H
Icon
I
Icon
J
Icon
K
Icon
L
Icon
M
Icon
N
Icon
O
Icon
P
Icon
R
Icon
S
Icon
T
Icon
V
Icon
Y
13
Index
In Progress | 0 / 2 sections completed | 0%
Icon
Index
Icon
Why subscribe?
14
Other Books You May Enjoy
In Progress | 0 / 4 sections completed | 0%
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

Isolating a Windows machine post-infection

The process of isolating a compromised endpoint is an essential part of IR in a SOC. In order to stop the threat from spreading and inflicting further damage, you must isolate the infected device or system from the network immediately. Also remember that it is important to examine the severity of the compromise, the value of the asset, and the potential impact on the business before deciding on an isolation strategy; isolation is not a silver bullet. A ransomware attack is an essential attack scenario in which isolation is a crucial step. Ransomware is a type of malware that encrypts the data of a victim and demands payment for the decryption key. It frequently spreads quickly throughout a network, potentially affecting many endpoints. In this section, we will isolate a Windows machine post-infection by malware. We will utilize the Wazuh active response capability to create an automatic outbound rule to block all outgoing traffic. In this...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 6
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY