Wazuh: VirusTotal Integration

Wazuh Integration with VirusTotal. Overview: Wazuh integrates with VirusTotal to detect malicious files via the File Integrity Monitoring (FIM) module. This allows inspection of monitored files for potential threats. About VirusTotal: Create an account on the VirusTotal website and obtain a public key to use in this lab. How Wazuh Integration Works. Configuration Steps …

(TryHackMe) Servidae: Log Analysis in ELK

This entry is part 1 of 4 in the series TryHackMe

Link to the TryHackMe room: https://tryhackme.com/r/room/servidae Room Objectives: In this room, we will analyze the log data from a compromised workstation using the Kibana interface. Within this room’s tasks, we will explore the components of the Elastic (ELK) Stack and gain insights into the various search and filter functions available in Kibana. Our ultimate …

Splunk SIEM: Exploring SPL

This entry is part 19 of 23 in the series Threat Detection Engineering

Splunk Search & Reporting App Overview: The Search & Reporting App is the primary interface on Splunk’s Home page used for searching and analyzing data. This app provides several essential functionalities to enhance the search experience for analysts. Search & Reporting App is the default interface used to search and analyze the data on the Splunk Home …

Remotely Upgrading Wazuh Agents – CLI Method

This entry is part 1 of 5 in the series Wazuh - SIEM and XDR

To upgrade agents using the command line, use the agent_upgrade tool as follows:

List all the agents with outdated software:

    [root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -l
    ID    Name                                Version
    001   zyberpatrol-pdc                     Wazuh v4.7.1

Upgrade the agent with ID 001 using the ‘-a’ parameter followed by the agent ID:

    [root@wazuh-server wazuh-user]# /var/ossec/bin/agent_upgrade -a 001
    Upgrading…
    Upgraded agents:
          Agent 001 upgraded: Wazuh v4.7.1 …

Threat Detection: Detecting a Webserver Attack

This entry is part 1 of 23 in the series Threat Detection Engineering

Lab Setup: Let’s use the vulnerable DIWA (Deliberately Insecure Web Application) app created by Tim Steufmehl to set up the victim machine. Prepare a Linux machine with Docker installed. Follow these instructions to install Docker on Ubuntu. With the above steps, the DIWA app should be up and running on the Linux VM. Let’s …