Wazuh
WSLab
Our great sponsors
Wazuh | WSLab | |
---|---|---|
151 | 9 | |
9,161 | 1,140 | |
7.1% | 1.7% | |
10.0 | 7.4 | |
about 22 hours ago | 22 days ago | |
C | PowerShell | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Wazuh
-
Exclude certain CIS (sca) rules from agents
There is currently no feature for excluding specific SCA rules however this feature has been requested here and would be added to the roadmap for future releases.
- Deployment issue
-
Greenbone
I use Wazuh instead. Greenbone CE is severely limited and requires payment for anything beyond the very basic. Super simple installation more features.
-
Update vulnerability databases through proxy with authentication
Seems like something that should be documented somewhere more official than a random reddit post for sure. Added it to https://github.com/wazuh/wazuh/issues/1112 for good measure.
-
💻 Introducing Wazuh 4.7.0.
Hmm, I've really been wanting to try Wazuh but since all our endpoints (Win10/11) are running a German locale I've run into https://github.com/wazuh/wazuh/issues/16842 when checking the compliance checks (CIS benchmarks) on a test installation of 4.6.
-
Risks of hosting a website out of my house
Monitoring & Active Measures - Exporting firewall events to an external time-series database like I describe above is good to see who is touching your firewall or accessing your web site. Using an Intrusion Detection System / Intrusion Prevention System (IDS/IPS) such as open-source Suricata, which is a free package on pfSense, and deploying file system integrity monitoring, such as the open-source Wazuh on the exposed server are also good approaches to protecting yourself.
-
Ignore Vulnerability for specific CVE?
We are actively working on enhancing the system to allow users to mark vulnerabilities as "not vulnerable" or hide them. You can track the progress of this enhancement on the following GitHub issue: (Enhancement - Mark Vulnerabilities as Not Vulnerable).
- Account LockOuts
-
advice on building a vulnerability management dashboard
Hello, thanks for using Wazuh, I will try to answer your questions: 1- I am going to check with the team in charge to see if there is a way. 2- Untriaged is a default value that is placed on vulnerabilities that do not have low, medium or high values https://github.com/wazuh/wazuh/issues/12675 3- As in the previous point, the providers of vulnerability lists have not provided the data.
-
Agents keep trying to re-register and event queues filling
Agents getting frequently pending and disconnecting
WSLab
-
I need basic understanding of servers (terminal servers, dns servers, domain controllers etc), ip addresses and rdp
Good on you man, you have some great practical experience that will go a long way. Once you learn more you’ll have something that a lot of IT engineers don’t typically have. I work in IT for a manufacturing environment and having electrical and/or mechanical experience will help a lot with your troubleshooting methodology. You have some great replies here which will hopefully start to bridge that gap. I can also highly recommend creating a small homelab for yourself. You can’t beat hands on learning, and there are a ton of great tools to get you started, e.g., https://github.com/microsoft/MSLab. This will help get you up and running quickly and give you an environment to play with. Good luck dude.
-
Clarification needed.
If you want to pen test AND implement/engineer, the cyber defense emphasis may be the best fit. As you progress, consider whether you're more drawn to networking/infrastructure or systems. A great approach: build labs that you think will be difficult to exploit, attack them, improve them. Lather, rinse, and repeat. you can do that with cloud platforms, web apps, mobile apps, IoT, etc. If you're not sure where to start, get your hands on a decently powered machine and check out the ready-to-build scenarios in MSLabs (https://github.com/microsoft/MSLab The Windows Event Forwarding scenarios are especially interesting).
-
A bit worried
If you have the time and resources for it, consider setting up a complex lab environment (https://github.com/microsoft/MSLab is a helpful starting point) with a few different types of targets. Within that environment, you can break whatever you want, try different hardening techniques, etc. I like to use that type of lab to test detection capabilities and scripted/triggered automations using sysmon, wazuh, and caldera.
- powershell script for setting up a Domain Controller
- Automate hyper-v with code
- Active directory pen testing lab
-
Cybersecurity physical labs
take a look at https://github.com/microsoft/MSLab, you can install Hyper-V 2019 server and use the scenarios to create a lab to your liking. I'm using this approach to establish a stable/consistent starting point for an AD environment with OUs, computers, groups, and users generated randomly by https://github.com/davidprowe/BadBlood to gauge the differences in logging and detection fidelity between different EDR solutions.
- Windows clustering
-
Windows Server for personal use?
Have a look at WSLab for rapid deployment of environments https://github.com/microsoft/WSLab
What are some alternatives?
security-onion - Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
AutomatedLab - AutomatedLab is a provisioning solution and framework that lets you deploy complex labs on HyperV and Azure with simple PowerShell scripts. It supports all Windows operating systems from 2008 R2 to 2022, some Linux distributions and various products like AD, Exchange, PKI, IIS, etc.
Suricata - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.
caldera - Automated Adversary Emulation Platform
OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
can-i-take-over-xyz - "Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
openvas-scanner - This repository contains the scanner component for Greenbone Community Edition.
BadBlood - BadBlood by @davidprowe, Secframe.com, fills a Microsoft Active Directory Domain with a structure and thousands of objects. The output of the tool is a domain similar to a domain in the real world. After BadBlood is ran on a domain, security analysts and engineers can practice using tools to gain an understanding and prescribe to securing Active Directory. Each time this tool runs, it produces different results. The domain, users, groups, computers and permissions are different. Every. Single. Time.
Snort - Snort++
oh-my-git - An interactive Git learning game!
crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
CTF-Difficulty - This cheasheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.