Wazuh: File Integrity Monitoring
In this post, I show you how to configure and monitor File Integrity Monitoring (FIM) in Wazuh.
By
0xBEN
Wazuh
Wazuh SIEM
By
0xBEN
Wazuh: Enhancing Zeek Logs with RITA
In this post, I demonstrate how to install and configure RITA on a NIDS node running Zeek and ingest the RITA output with Wazuh command logging.
By
0xBEN
Hunting with Wazuh: Adding Context
In this post, I elaborate on the Log All JSON option in the Wazuh Manager's configuration and how that can add more context beyond just alerts.
By
0xBEN
Wazuh Index Management Policy
In this post, I show how to manage your Wazuh Indexer indices in order to improve performance and manage disk space consumed by indices.
By
0xBEN
Wazuh: Exploring the OwlH Integration
In this post, I explore the OwlH integration with Wazuh and the convenience of the centralized NIDS configuration management it offers.
By
0xBEN
Wazuh: Migrating to Wazuh Dashboard, Wazuh Indexer, and to Version 4.3
In this post, I go over the procedure of migrating from OpenDistro Elasticsearch to Wazuh Indexer, OpenDistro Kibana to Wazuh Dashboard, and Wazuh 4.2 to Wazuh 4.3.
By
0xBEN
Wazuh: Mapping Sysmon Events to MITRE ATT&CK IDs
In this post, I show how I implemented and worked around some issues while adding an enhanced ruleset mapping Sysmon events to ATT&CK IDs.
By
0xBEN
Wazuh Announces Version 4.3
The Wazuh team announced a new major version, 4.3. The Proxmox home lab guide on my blog points to installing 4.2 and I wanted to make a note for new or returning readers about the new announcement.
By
0xBEN
Monitoring pfSense with Wazuh
In this post, I demonstrate how I installed the Wazuh agent on a pfSense host and ingested some logs into my SIEM.
By
0xBEN