Wazuh
Details:
1. Installed Wazuh for Centralized Monitoring
- Deployed the Wazuh server (manager, indexer and dashboard) on an Ubuntu host to serve as the central security monitoring platform.
- Wazuh collects logs and security data from enrolled systems (endpoints) in one place, so threats can be detected, investigated and responded to centrally instead of host by host.
2. Enrolled Ubuntu and Windows Endpoints
- Installed the Wazuh agent on several Ubuntu and Windows systems and registered each agent with the manager.
- The agents forward logs, file-change events and installed-software inventories to the manager, which monitors the devices for suspicious activity, unauthorized file changes and known vulnerabilities.
3. Configured File Integrity Monitoring (FIM)
- Configured Wazuh's syscheck module to track critical system files and directories for unauthorized changes.
- File additions, modifications (content hash, permissions, ownership) and deletions raise alerts, which can indicate a compromise or malware activity.
4. Vulnerability Detection and Assessment
- Enabled Wazuh's vulnerability detection module, which matches the package inventory collected from each endpoint against published CVE feeds to flag software with known vulnerabilities.
- The resulting report shows which packages need patching, so security updates can be prioritized and applied to reduce risk.
5. Intrusion Detection with Suricata
- Integrated Suricata (a network intrusion detection system) with Wazuh: Suricata inspects network traffic and the Wazuh agent forwards its EVE JSON event log to the manager.
- Suricata's signatures flag network-level attacks such as port scans and exploit attempts, which then appear as Wazuh alerts alongside the host-based data.
6. Detected and Blocked Brute-Force Attacks
- Configured Wazuh to detect repeated failed SSH login attempts from the same source IP within a short time window, the signature of a brute-force attack.
- Added an active response that blocks the offending IP address at the host firewall for a set period when that rule fires.
7. VirusTotal Integration for Malware Detection
- Linked Wazuh with VirusTotal so that files flagged by FIM (newly added or modified) have their hash looked up against VirusTotal's database of known malware.
- A positive match raises an alert, giving quick identification of known threats without uploading the file itself.
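As an added example that is not the original project's configuration, the agent-side and manager-side settings behind steps 3 to 7 in one place. Assumptions: Wazuh 4.8 or later (the `<vulnerability-detection>` module replaced the older `<vulnerability-detector>` in 4.8), Suricata writing EVE JSON to its default path, an illustrative directory list, custom rule ID 100100, a threshold of five failures in 120 seconds, a 10-minute block, an assumed admin address 192.168.1.10 and a placeholder VirusTotal API key. The sshd rule 5716 ("authentication failed") and the firewall-drop active-response command are part of Wazuh's default rules and configuration.

```xml
<!-- 1) Agent side: /var/ossec/etc/ossec.conf on each Ubuntu endpoint (added example, not the
     page's own file; on Windows the file is C:\Program Files (x86)\ossec-agent\ossec.conf). -->
<ossec_config>
  <!-- Step 3, FIM: syscheck hashes and stats the listed paths and alerts on add/modify/delete. -->
  <syscheck>
    <disabled>no</disabled>
    <frequency>43200</frequency>            <!-- full scan every 12 hours -->
    <scan_on_start>yes</scan_on_start>
    <alert_new_files>yes</alert_new_files>
    <!-- realtime="yes" reports changes as they happen; report_changes="yes" includes a text diff. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/bin,/sbin,/usr/bin,/usr/sbin</directories>
    <!-- Where downloads land: new files here feed the VirusTotal lookup configured on the manager. -->
    <directories check_all="yes" realtime="yes">/root,/home,/tmp</directories>
    <!-- Constantly changing files that would only generate noise. -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>
  </syscheck>

  <!-- Step 5, Suricata: ship its EVE JSON log; the manager's bundled Suricata rules decode it. -->
  <localfile>
    <log_format>json</log_format>
    <location>/var/log/suricata/eve.json</location>
  </localfile>
</ossec_config>

<!-- 2) Manager side: /var/ossec/etc/ossec.conf on the Wazuh server. -->
<ossec_config>
  <global>
    <!-- Assumed admin workstation: never blocked by active response, even if it trips a rule. -->
    <white_list>192.168.1.10</white_list>
  </global>

  <!-- Step 4, vulnerability detection: each agent's package inventory (from syscollector)
       is matched against the CVE feeds; needs the <indexer> connection enabled. -->
  <vulnerability-detection>
    <enabled>yes</enabled>
    <index-status>yes</index-status>
    <feed-update-interval>60m</feed-update-interval>
  </vulnerability-detection>

  <!-- Step 6, blocking: drop traffic from the alert's source IP on the agent that raised it,
       using the firewall-drop command Wazuh defines by default (iptables on Linux).
       rules_id refers to the custom rule in local_rules.xml below. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100100</rules_id>
    <timeout>600</timeout>                  <!-- unblock after 10 min; omit for a permanent drop -->
  </active-response>

  <!-- Step 7, VirusTotal: for each syscheck alert, look up the file's hash taken from the
       FIM alert; the file itself is never uploaded. -->
  <integration>
    <name>virustotal</name>
    <api_key>REPLACE_WITH_VIRUSTOTAL_API_KEY</api_key>   <!-- placeholder, assumed -->
    <group>syscheck</group>
    <alert_format>json</alert_format>
  </integration>
</ossec_config>

<!-- 3) Manager side: /var/ossec/etc/rules/local_rules.xml. Step 6, detection: fire when the
     same source IP produces repeated "authentication failed" events (built-in sshd rule 5716)
     inside 120 s. Custom IDs must be 100000 or higher; 100100 is an assumed free ID.
     frequency is the match count the engine requires before firing; confirm the effective
     number with a test run before relying on it. -->
<group name="local,sshd,authentication_failures,">
  <rule id="100100" level="10" frequency="5" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: brute-force attempt, repeated failed logins from the same source IP within two minutes.</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>
```

Restart the manager (`systemctl restart wazuh-manager`) and each agent (`systemctl restart wazuh-agent`) after editing. To test the chain end to end, run a handful of wrong-password SSH attempts from a host that is not in the allowlist: the rule 100100 alert should appear in the dashboard and the target host's iptables INPUT chain should show a DROP entry for that address until the timeout expires. Keep the set of VirusTotal-monitored directories small: the free public API allows only four lookups per minute, and a large burst of FIM events (for example a package upgrade) will exhaust it and leave files unchecked.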