repo
Wazuh
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
repo
-
The Danger of Microsoft Pluton
You really nailed it with that car analogy.
Most "car people" would agree that changing the oil in your car is super easy. To me, it is not easy. It's not something I'm willing to do, even though I know the steps of how to do it. I just don't know what I don't know. When I have my oil changed, the mechanic tells me what I should be concerned about. He tells me what upcoming work I need to have done, how much it will cost, and what could happen if I don't do it. He has experience, expertise, and specialized tools. He had knowledge gathered over years to be highly proficient in his profession.
I could do those things. I could read, and listen, and learn. I could be under my car every day learning new things about how to install this, or replace that. But I don't really have the drive or inclination to do so. I'd rather leave it to the pro. I also have the added novice-worry of screwing something up, and hurting myself or others as a result. I don't want that kind of pressure. I don't want my car breaking down while doing some long journey - I just want it to run when I need it to run, without any scary warning lights coming up on my dashboard.
To bring the analogy back to computers, I still know people - people in their 20's or 30's - who do not know how to copy and paste with keyboard shortcuts. I will sit there and see them highlight, right-click, click copy, move their cursor, left-click, right-click, choose paste. I'll tell them how much time they could save if they "just did ..." and get a basic "Yeah...I just don't really care though, ya know? This works." The thing is, there is no investment on their part to want or need to do that more efficiently. They get by well enough with not bothering.
They could get super into computers, and learn something as "technical" as `git clone https://github.com/some/repo` and follow the process to configure and run a script. They could learn to do those things. But they don't really have that time to invest in it, or don't have that passion for it, or have a professional investment in needing to do it.
They want it to work. They want to not get hacked. They want to not have to think about computers at all. Computers are the interface to do "the thing" more easily. And if the computer breaks? They want it fixed so it won't happen again. The computer "does the internet thing". And I can respect that because they focus their energy into knowledge into other topics that I don't have a clue about, the same way I don't have a clue about cars, even if I know oil changes are "easy".
-
Iām aware that the template is kinda bad
> curl -o- https://github.com/some/repo/install.sh | bash
Wazuh
-
Exclude certain CIS (sca) rules from agents
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
- Deployment issue
-
Greenbone
I use Wazuh instead. Greenbone CE is severely limited and requires payment for anything beyond the very basic. Super simple installation more features.
-
Update vulnerability databases through proxy with authentication
Seems like something that should be documented somewhere more official than a random reddit post for sure. Added it to https://github.com/wazuh/wazuh/issues/1112 for good measure.
-
š» Introducing Wazuh 4.7.0.
Hmm, I've really been wanting to try Wazuh but since all our endpoints (Win10/11) are running a German locale I've run into https://github.com/wazuh/wazuh/issues/16842 when checking the compliance checks (CIS benchmarks) on a test installation of 4.6.
-
Risks of hosting a website out of my house
Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.
-
Ignore Vulnerability for specific CVE?
We are actively working on enhancing the system to allow users to mark vulnerabilities as "not vulnerable" or hide them. You can track the progress of this enhancement on the following GitHub issue: (Enhancement - Mark Vulnerabilities as Not Vulnerable).
- Account LockOuts
-
advice on building a vulnerability management dashboard
Hello, thanks for using Wazuh, I will try to answer your questions: 1- I am going to check with the team in charge to see if there is a way. 2- Untriaged is a default value that is placed on vulnerabilities that do not have low, medium or high values https://github.com/wazuh/wazuh/issues/12675 3- As in the previous point, the providers of vulnerability lists have not provided the data.
-
Agents keep trying to re-register and event queues filling
Agents getting frequently pending and disconnecting
What are some alternatives?
keylime - A CNCF Project to Bootstrap & Maintain Trust on the Edge / Cloud and IoT
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Windows10Debloater - Script to remove Windows 10 bloatware.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
wg-securing-critical-projects - Helping allocate resources to secure the critical open source projects we all depend on.
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
sharpapp - š©āļøšA #app with cutting edge technology to #minimize windows-10 telemetry and #maximize privacy plus many more
openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.
itpol - Useful IT policies
Snort - Snort++
28c3-doctorow - Transcription of Cory Doctorow's keynote from 28C3.
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.