Remotely Upgrading Wazuh Agents – CLI Method

This entry is part 1 of 4 in the series Wazuh - SIEM and XDR

To upgrade agents using the command line, use the agent_upgrade tool as follows:

List all the agents with outdated software:

    [root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -l
    ID    Name                                Version
    001   zyberpatrol-pdc                     Wazuh v4.7.1

Upgrade the agent with ID 001 using the ‘-a’ parameter followed by the agent ID:

    [root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -a 001
    Upgrading…
    Upgraded agents:
        Agent 001 upgraded: Wazuh v4.7.1 …

L4 – L7 Load Balancing

This entry is part 3 of 3 in the series F5 Local Traffic Manager (LTM)

Load Balancers

Despite the name, a Load Balancer does not only balance the load: some of its core functionalities are:

L4 to L7 Network Services Definition

L4-L7 Network Services are a set of functions such as load balancing, web application firewalls, service discovery, and monitoring for network layers within the Open Systems Interconnection (OSI) model. …

BIG-IP LTM: Deployment Models

This entry is part 2 of 3 in the series F5 Local Traffic Manager (LTM)

Deployment Methods

One-Arm Deployment

In a one-arm deployment, the load balancer is not physically in the path of the traffic, which means that the load balancer’s ingress and egress traffic goes through the same network interface. Traffic from the client through the load balancer is network address translated (NAT) with the load balancer as its source …

Threat Intelligence for SOC

This entry is part 2 of 22 in the series Threat Detection Engineering

Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. There are different classifications of Threat Intelligence, and the primary types of it are:

Threat Intelligence Producers

Threat Intelligence Producers …

Threat Detection: Detecting a Webserver Attack

This entry is part 1 of 22 in the series Threat Detection Engineering

LAB Setup

Let’s use the DIWA (Deliberately Insecure Web Application), a vulnerable web application created by Tim Steufmehl, to set up the victim machine. Prepare a Linux machine with Docker installed. Follow these instructions to install Docker on Ubuntu. With the above steps, the DIWA app should be up and running on the Linux VM. Let’s …

Detection Engineering vs Threat Hunting

This entry is part 3 of 22 in the series Threat Detection Engineering

DETECTION ENGINEERING: REINFORCING THE KNOWN

Threat detection is the process of identifying threats in an organization that are actively trying to attack the endpoints, networks, devices and systems. Unlike threat hunting, threat detection is a reactive approach: threat mitigation mechanisms activate only when the organization’s security system receives alerts on potential security breaches. …

Linux System Hardening

Create a GRUB password

PBKDF2 stands for Password-Based Key Derivation Function 2. It is important to note that adding a password for GRUB is not available for systems deployed using cloud service providers (such as our Linux VM); a GRUB password does not make sense as you don’t have access to the physical terminal.

Encryption

There …

Yara 101

This entry is part 4 of 22 in the series Threat Detection Engineering

YARA is a powerful pattern-matching tool and rule format used for identifying and classifying files based on specific patterns, characteristics, or content. SOC analysts commonly use YARA rules to detect and classify malware samples, suspicious files, or indicators of compromise (IOCs). YARA is an essential tool used by SOC analysts to enhance their threat detection …