sysmon
wazuh-docker
sysmon | wazuh-docker | |
---|---|---|
2 | 4 | |
55 | 576 | |
- | 3.8% | |
1.8 | 9.0 | |
almost 3 years ago | 2 days ago | |
Shell | ||
GNU General Public License v3.0 only | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sysmon
-
Help Me Understand This Level 12 Sysmon Rule
Alright, I'm in the process of setting up wazuh for my organization. It's been working well with the default alerts it comes with. I wanted to try ingesting and alerting on sysmon logs so I added sysmon to a test endpoint (an IT workstation), added the necessary lines to ossec.conf, and added the ruleset mentioned here to the wazuh manager (local_rules.xml). Seems to be working, I see sysmon logs in wazuh and am now being overwhelmed by this level 12 alert...
-
Wazuh or Wazuh and Graylog?
Wazuh can do a lot for you regarding Win events: - https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/how-to-collect-wlogs.html - https://wazuh.com/blog/learn-to-detect-threats-on-windows-by-monitoring-sysmon-events/ - https://github.com/sametsazak/sysmon
wazuh-docker
-
Wazuh Docker Single Node. 500 error after changing admin password
Now based on my reading of https://github.com/wazuh/wazuh-docker/issues/775This is means i should enter the indexer container and run securityadmin after setting the environment variables specified in the docs....I did this. The command completes successfully with no errors.
-
No config sync when using cluster?
Greetings, for an implementation with ansible we do not have official documentation, however we can recommend an implementation with docker, here the guide https://github.com/wazuh/wazuh-docker
-
Wazuh and ELK
I mean, you could set it up as a container too - although I'm sure someone has already done this for you - for example, Wazuh themselves at https://github.com/wazuh/wazuh-docker
-
Can Wazuh be installed along side of Graylog in the same system?
I think you can install a Wazuh + ELK stack docker https://github.com/wazuh/wazuh-docker. Changing the ports by docker proxy. It will be safe
What are some alternatives?
wazuh-ruleset - Wazuh - Ruleset
wazuh-ansible - Wazuh - Ansible playbook
fim - FIM is an Open Source Host-based file integrity monitoring tool that performs file system analysis, file integrity checking, real time alerting and provides Audit daemon data.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
wazuh-dashboard-plugins - Plugins for Wazuh Dashboard
boiler_plates - Docker Compose Boilerplates
wazuh-documentation - Wazuh - Project documentation
docker-github-actions-runner - This will run the new self-hosted github actions runners with docker-in-docker
wazuh-kubernetes - Wazuh - Wazuh Kubernetes
lynis - Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
wazuh-packages - Wazuh - Tools for packages creation