Overview

I have successfully implemented Wazuh, an open-source security monitoring platform, to enhance system and network security. This deployment involved configuring and utilizing Wazuh’s key features for comprehensive threat detection and compliance. Here’s what I accomplished:

  • Installing Wazuh: Deployed and configured the Wazuh server on an Ubuntu environment to centralize security data and provide advanced monitoring capabilities.
  • Endpoint Agent Enrollment: Integrated Wazuh agents for both Ubuntu and Windows endpoints to ensure real-time monitoring and detailed security insights.
  • File Integrity Monitoring (FIM): Set up file integrity checks to monitor and alert on unauthorized changes to critical files, enhancing system integrity.
  • Network Intrusion Detection: Leveraged Suricata IDS within Wazuh to detect potential network intrusions and malicious activity.
  • Vulnerability Detection: Configured vulnerability scans to proactively identify and mitigate security weaknesses across systems.
  • Command Execution Monitoring: Enabled detection of malicious or unauthorized command execution, ensuring system processes remain secure.
  • SSH Brute-Force Protection: Implemented mechanisms to detect and block SSH brute-force attacks, safeguarding system access.
  • Malware Detection: Integrated VirusTotal to identify and alert on malicious files, strengthening endpoint security.

Below, you’ll find screenshots highlighting these configurations and results, including alerts, compliance reports, endpoint monitoring, file integrity checks, threat hunting, and vulnerability detection.

Screenshots