Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Security Monitoring with Wazuh
  • Table Of Contents Toc
  • Feedback & Rating feedback
Security Monitoring with Wazuh

Security Monitoring with Wazuh

By : Rajneesh Gupta
3.9 (7)
close
close
Security Monitoring with Wazuh

Security Monitoring with Wazuh

3.9 (7)
By: Rajneesh Gupta

Overview of this book

Explore the holistic solution that Wazuh offers to improve your organization’s cybersecurity posture with this insightful guide. Security Monitoring with Wazuh is a comprehensive resource, covering use cases, tool integration, and compliance monitoring to equip you with the skills you need to build an enterprise-level defense system. The book begins by setting up an Intrusion Detection System (IDS), integrating the open-source tool Suricata with the Wazuh platform, and then explores topics such as network and host-based intrusion detection, monitoring for known vulnerabilities, exploits, and detecting anomalous behavior. As you progress, you’ll learn how to leverage Wazuh’s capabilities to set up Security Orchestration, Automation, and Response (SOAR). The chapters will lead you through the process of implementing security monitoring practices aligned with industry standards and regulations. You’ll also master monitoring and enforcing compliance with frameworks such as PCI DSS, GDPR, and MITRE ATT&CK, ensuring that your organization maintains a strong security posture while adhering to legal and regulatory requirements. By the end of this book, you’ll be proficient in harnessing the power of Wazuh and have a deeper understanding of effective security monitoring strategies.
Table of Contents (15 chapters)
close
close
1
Part 1:Threat Detection
4
Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
9
Part 3: Compliance Management
12
Chapter 9: Glossary

Blocking RDP brute-force attacks

According to Sophos, in the first half of 2023, adversaries leveraged Remote Desktop Protocol (RDP) in 95% of attacks, increased by 88% from 2023. RDP is a Microsoft-developed proprietary protocol that allows users to connect to and remotely operate another computer or device via a network connection. Attackers employ automated software to try many login and password combinations in order to obtain unauthorized access to systems via RDP. Mitigating such risks involves proactive measures as well as quick action to block malicious IP addresses that try these assaults. In this section, we will utilize Wazuh active response to block the attacker’s IP address against an RDP brute-force attack. We will cover the following points:

  • Requirement
  • Setting up a Windows agent with an active response script
  • Setting up the Wazuh server with a rule and active response script
  • Testing
  • Visualization

Requirement

In this use case...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY