SIEM
Remotely Upgrading Wazuh Agents – CLI Method
To upgrade agents from the command line, use the agent_upgrade tool as follows.

List all the agents with outdated software:

[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -l
ID   Name             Version
001  zyberpatrol-pdc  Wazuh v4.7.1

Upgrade the agent with ID 001 using the '-a' parameter followed by the agent ID:

[root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -a 001
Upgrading…
Upgraded agents:
Agent 001 upgraded: Wazuh v4.7.1
…
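The two commands above are enough for one agent; with many agents you want to parse the `-l` listing and feed every outdated ID to `-a` in turn. The script below is an added example, not code from the post or from the Wazuh project: it only uses the `-l` and `-a` options shown above, assumes the listing keeps the `ID Name Version` table layout the post shows, and takes the command runner as a parameter so the loop can be exercised without a Wazuh manager.

```python
"""Added example: upgrade every Wazuh agent that `agent_upgrade -l` reports as outdated."""
import re
import subprocess

AGENT_UPGRADE = "/var/ossec/bin/agent_upgrade"  # path used in the post

# One data row of the table printed by `agent_upgrade -l`, for example:
#   001 zyberpatrol-pdc Wazuh v4.7.1
# Assumption: rows are "<id> <name> Wazuh v<version>"; the header line does not match.
ROW = re.compile(r"^\s*(\d{3,})\s+(\S+)\s+Wazuh\s+v(\S+)\s*$")


def parse_outdated(listing):
    """Return a list of (agent_id, name, version) tuples from the `-l` output."""
    rows = []
    for line in listing.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(match.groups())
    return rows


def run_agent_upgrade(args, binary=AGENT_UPGRADE):
    """Run agent_upgrade with the given arguments and return its stdout.
    Raises CalledProcessError on a non-zero exit so a failed upgrade stops the loop."""
    result = subprocess.run([binary, *args], capture_output=True, text=True, check=True)
    return result.stdout


def upgrade_outdated(run=run_agent_upgrade, only_ids=None):
    """List outdated agents, then upgrade each with `-a <id>`, one at a time.
    `only_ids` (optional set of IDs) restricts the run to a subset.
    Returns the IDs that were passed to `-a`."""
    upgraded = []
    for agent_id, _name, _version in parse_outdated(run(["-l"])):
        if only_ids is not None and agent_id not in only_ids:
            continue
        run(["-a", agent_id])
        upgraded.append(agent_id)
    return upgraded


if __name__ == "__main__":
    print("Upgraded agents:", upgrade_outdated())
```

Upgrading one agent per `-a` call keeps the output attributable per agent and lets `check=True` stop the loop on the first failure instead of silently skipping a host; pass `only_ids` to roll the upgrade out in batches.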
Threat Detection: Detecting a Webserver Attack
LAB Setup

Let's use DIWA (Deliberately Insecure Web Application), the vulnerable web application created by Tim Steufmehl, to set up the victim machine. Prepare a Linux machine with Docker installed. Follow these instructions to install Docker on Ubuntu. With the above steps, the DIWA app should be up and running on the Linux VM. Let's …
Elastic SIEM: Developing Dashboards & Visualization
Use case 1: Failed Logon Attempts (Disabled Users)
Use case 2: Failed Logon Attempts (using Admin Accounts)
Use case 3: Successful RDP Logon Related To Service Accounts
Use case 4: Users Added Or Removed From A Local Group
SIEM Use cases
How To Build SIEM Use Cases

Example SIEM Use cases

Use case 1: Microsoft Build Engine Started By An Office Application

A practical example using the Elastic stack as a SIEM solution to help understand how to map each of the use case points listed above. MSBuild, part of the Microsoft Build Engine, is …
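Each of these use cases (the four dashboard use cases from the Elastic SIEM post above and the MSBuild use case here) reduces to a predicate over a Windows Security or Sysmon event. The block below is an added example, not code from either post: it writes those predicates in plain Python and runs them over constructed sample events, so the matching logic can be checked before it is turned into Elastic queries. The event IDs and codes are the standard Windows ones (4625 failed logon, 4624 successful logon, logon type 10 for RDP, sub-status 0xC0000072 for a disabled account, 4732/4733 for local group membership changes, Sysmon event 1 for process creation); the admin-account suffix `-adm`, the service-account prefix `svc_`, the Office process list and the flattened field names are assumptions made for the example.

```python
"""Added example (not the posts' code): the detection logic behind the SIEM use cases,
as Python predicates run over constructed Windows Security / Sysmon events."""

# Assumed naming conventions; the posts do not define them. Adjust to the environment.
ADMIN_SUFFIX = "-adm"
SERVICE_PREFIX = "svc_"
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Standard Windows Security and Sysmon identifiers used by the rules.
FAILED_LOGON = 4625                 # An account failed to log on
SUCCESS_LOGON = 4624                # An account was successfully logged on
LOCAL_GROUP_CHANGE = {4732, 4733}   # Member added to / removed from a security-enabled local group
SUBSTATUS_DISABLED = "0xc0000072"   # NTSTATUS: account currently disabled
LOGON_TYPE_RDP = 10                 # RemoteInteractive
SYSMON_PROCESS_CREATE = 1


def _exe(path):
    """Lower-cased file name of a Windows image path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def failed_logon_disabled_user(ev):
    return (ev["channel"] == "Security" and ev["event_id"] == FAILED_LOGON
            and ev.get("sub_status", "").lower() == SUBSTATUS_DISABLED)


def failed_logon_admin(ev):
    return (ev["channel"] == "Security" and ev["event_id"] == FAILED_LOGON
            and ev.get("user", "").lower().endswith(ADMIN_SUFFIX))


def rdp_logon_service_account(ev):
    return (ev["channel"] == "Security" and ev["event_id"] == SUCCESS_LOGON
            and ev.get("logon_type") == LOGON_TYPE_RDP
            and ev.get("user", "").lower().startswith(SERVICE_PREFIX))


def local_group_membership_change(ev):
    return ev["channel"] == "Security" and ev["event_id"] in LOCAL_GROUP_CHANGE


def msbuild_from_office(ev):
    # Parent/child relationship comes from Sysmon event 1 (Image / ParentImage).
    return (ev["channel"] == "Sysmon" and ev["event_id"] == SYSMON_PROCESS_CREATE
            and _exe(ev.get("image", "")) == "msbuild.exe"
            and _exe(ev.get("parent_image", "")) in OFFICE_APPS)


RULES = [
    ("Failed logon: disabled user", failed_logon_disabled_user),
    ("Failed logon: admin account", failed_logon_admin),
    ("RDP logon: service account", rdp_logon_service_account),
    ("Local group membership changed", local_group_membership_change),
    ("MSBuild started by Office application", msbuild_from_office),
]


def evaluate(events):
    """Return (rule name, subject) for every rule that matches an event.
    One event can trigger several rules (e.g. a disabled admin account)."""
    alerts = []
    for ev in events:
        subject = ev.get("user") or _exe(ev.get("image", ""))
        for name, rule in RULES:
            if rule(ev):
                alerts.append((name, subject))
    return alerts


# Constructed sample events (not real logs), flattened to the fields the rules need.
SAMPLE_EVENTS = [
    {"channel": "Security", "event_id": 4625, "user": "jdoe", "sub_status": "0xC0000072"},
    {"channel": "Security", "event_id": 4625, "user": "jsmith-adm", "sub_status": "0xC000006A"},
    {"channel": "Security", "event_id": 4625, "user": "old-adm", "sub_status": "0xC0000072"},
    {"channel": "Security", "event_id": 4624, "user": "svc_backup", "logon_type": 10},
    {"channel": "Security", "event_id": 4624, "user": "svc_backup", "logon_type": 3},
    {"channel": "Security", "event_id": 4732, "user": "jsmith-adm", "group": "Administrators"},
    {"channel": "Sysmon", "event_id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"channel": "Sysmon", "event_id": 1,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe",
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\devenv.exe"},
]

if __name__ == "__main__":
    for name, subject in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {subject}")
```

Two points the sample set is built to show: the admin-account rule keys on the failure itself, not the sub-status, so a wrong password and a disabled account both fire it, and the MSBuild rule must look at the parent image, since MSBuild launched by Visual Studio is normal and only the Office parent makes it suspicious.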