Wazuh: An ultra-powerful threat prevention and detection security platform that supports virtualization, containerization and cloud environment protection…


Wazuh is an open-source platform for threat prevention, detection, and response that protects workloads across on-premises, virtualized, containerized, and cloud-based environments. The solution consists of an endpoint security agent deployed to the monitored system and a management server that collects and analyzes the data gathered by the agents. Additionally, Wazuh is fully integrated with the Elastic Stack, providing a search engine and data visualization tool that lets users navigate through their security alerts.

Use cases

Intrusion detection

Wazuh agents scan monitored systems for malware, rootkits and suspicious anomalies. They can detect hidden files, hidden processes, unregistered network listeners, and inconsistencies in system call responses. In addition to the agent capabilities, the server component uses a signature-based intrusion detection approach, using its regular expression engine to analyze collected log data and look for indicators of compromise.

Log data analysis

Wazuh agents read operating system and application logs and securely forward them to a central manager for rule-based analysis and storage. When no agent is deployed, the server can also receive data from network devices or applications via syslog. Wazuh Rules help you understand application or system errors, misconfigurations, attempted and/or successful malicious activity, policy violations, and various other security and operational issues.
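To make the rule-based analysis described above (and the server's regex-driven detection in the intrusion detection section) concrete, here is an added example, not code from Wazuh or from this article. It is a constructed, simplified rule engine that mimics two ideas Wazuh rules are built on: a child rule only fires after its parent matched, and a frequency rule fires when the same source triggers its parent several times within a time window. The log format, rule ids and sample lines are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque

# Constructed rules in the spirit of Wazuh's hierarchy (not Wazuh's real rules):
# a child fires only after its parent matched (like <if_sid>); a frequency rule
# fires when one source hit its parent N times in a window (like frequency and
# timeframe). Only the most specific match alerts, and level 0 never alerts.
RULES = [
    {"id": 1, "level": 0, "parent": None, "regex": r"sshd\[\d+\]:", "desc": "sshd"},
    {"id": 2, "level": 5, "parent": 1, "desc": "sshd: authentication failed",
     "regex": r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"},
    {"id": 3, "level": 10, "parent": 2, "frequency": 3, "timeframe": 60,
     "desc": "sshd: repeated authentication failures from one source"},
]
LOG_RE = re.compile(r"^(?P<ts>\d+) (?P<host>\S+) (?P<msg>.*)$")  # "<epoch> <host> <msg>"
SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "1000 web1 sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2",
    "1010 web1 sshd[815]: Failed password for root from 203.0.113.5 port 4031 ssh2",
    "1020 web1 sshd[816]: Failed password for root from 198.51.100.7 port 5100 ssh2",
    "1030 web1 sshd[820]: Failed password for invalid user test from 203.0.113.5 port 4040 ssh2",
    "1040 web1 sshd[822]: Accepted password for alice from 203.0.113.5 port 4050 ssh2",
]

def analyze(lines, rules=RULES):
    """Run the rules over log lines; return one alert dict per alerting line."""
    alerts, counters = [], defaultdict(deque)  # counters: (rule id, src) -> hit times
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, msg, matched, fields, best = int(m["ts"]), m["msg"], {None}, {}, None
        for rule in rules:  # parents are listed before their children
            if rule["parent"] not in matched:
                continue
            if "regex" in rule:
                rm = re.search(rule["regex"], msg)
                if not rm:
                    continue
                fields.update(rm.groupdict())
            else:  # frequency rule: count parent hits per source inside the timeframe
                window = counters[(rule["id"], fields.get("src"))]
                window.append(ts)
                while ts - window[0] > rule["timeframe"]:
                    window.popleft()
                if len(window) < rule["frequency"]:
                    continue
                window.clear()  # reset the counter once the composite rule fires
            matched.add(rule["id"])
            best = rule
        if best and best["level"] > 0:
            alerts.append({"rule": best["id"], "level": best["level"],
                           "src": fields.get("src"), "desc": best["desc"]})
    return alerts
```

Running `analyze(SAMPLE_LOG)` yields three level 5 alerts and then a single level 10 alert for 203.0.113.5; the successful login only matches the level 0 parent and produces nothing.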

Integrity check

Wazuh monitors the file system, identifying changes to the content, permissions, ownership, and attributes of files that require close attention. Additionally, it natively recognizes the user and application used to create or modify the file. Integrity checking capabilities can be used in conjunction with threat intelligence to identify threats or compromised hosts. Also, some US compliance standards, such as PCI DSS, require it.
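As an added illustration of the integrity checking idea above (this is example code written for this article, not Wazuh's syscheck implementation), the following takes a baseline of a directory, snapshots it again later and reports which files were added, removed or modified, naming the attribute that changed (content hash, permissions, ownership or size) so an alert can say what kind of change occurred. The directory layout and file contents in `demo()` are constructed for the example.

```python
import hashlib, os, stat, tempfile

# Constructed illustration of the integrity check idea (not Wazuh's syscheck code):
# baseline a directory, snapshot it again later and report added, removed and
# modified files, naming which attribute changed so an alert can be specific.
ATTRS = ("sha256", "mode", "uid", "gid", "size")

def snapshot(root):
    """Map each regular file under root (relative path) to its tracked attributes."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are skipped in this example
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    return snap

def compare(baseline, current):
    """Return added/removed paths and, per modified path, the attributes that changed."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)), "modified": {}}
    for path in sorted(set(baseline) & set(current)):
        changed = [a for a in ATTRS if baseline[path][a] != current[path][a]]
        if changed:
            report["modified"][path] = changed
    return report

def demo():
    """Build a throwaway tree (constructed data), mutate it, return the change report."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("a.txt", "one\n"), ("b.txt", "two\n"), ("c.txt", "three\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
            os.chmod(os.path.join(root, name), 0o644)  # fixed mode so the diff is deterministic
        baseline = snapshot(root)
        with open(os.path.join(root, "a.txt"), "w") as fh:
            fh.write("one two\n")                        # content (and size) change
        os.chmod(os.path.join(root, "b.txt"), 0o600)     # permission change only
        os.remove(os.path.join(root, "c.txt"))           # deletion
        with open(os.path.join(root, "d.txt"), "w") as fh:
            fh.write("new\n")                            # addition
        return compare(baseline, snapshot(root))
```

Wazuh's whodata mode additionally records which user and program made each change; this example only shows what changed, which is the part a plain stat-and-hash baseline can provide.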

Vulnerability detection

Wazuh agents extract software inventory data and send this information to a server where it is correlated with a constantly updated CVE database to identify well-known vulnerable software. Automated vulnerability assessments can help you find weaknesses in critical assets and take corrective action before attackers use them to compromise your business or steal confidential data.

Configuration assessment

Wazuh monitors system and application configuration settings to ensure they comply with your security policies, standards and/or hardening guidelines. The agent performs periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured. In addition, configuration checks can be customized and tailored to your organization. Alerts include configuration recommendations, reference information and mappings to compliance frameworks.

Incident response

Wazuh provides out-of-the-box active responses that perform various countermeasures against active threats, such as blocking access to the system from the threat source when certain criteria are met. Additionally, Wazuh can be used to remotely run commands or system queries, identify indicators of compromise (IoCs), and help perform other live forensics or incident response tasks.

Compliance

Wazuh provides some of the security controls necessary to comply with industry standards and regulations. These features, combined with its scalability and multi-platform support, can help organizations meet technical compliance requirements. Wazuh is widely used by payment processing companies and financial institutions to meet PCI DSS (Payment Card Industry Data Security Standard) requirements. Its web user interface provides reports and dashboards that can help address this and other regulations (e.g. GPG13 or GDPR).

Cloud security

Wazuh helps monitor cloud infrastructure at the API level by using integration modules to obtain security data from well-known cloud service providers such as Amazon AWS, Azure or Google Cloud. Additionally, Wazuh provides rules for evaluating cloud environment configurations, making it easy to spot weaknesses. Wazuh's lightweight, multi-platform agents are also commonly used for instance-level monitoring of cloud environments.

Container security

Wazuh provides security visibility into Docker hosts and containers, monitoring their behavior and detecting threats, vulnerabilities, and anomalies. The Wazuh agent is natively integrated with the Docker engine, allowing users to monitor images, volumes, network settings, and running containers. Detailed runtime information is continuously collected and analyzed. For example, it can alert on containers running in privileged mode, vulnerable applications, shells running inside containers, changes to persistent volumes or images, and other possible threats.

Quick installation

1. Download and run the Wazuh Installation Assistant.

After the assistant completes the installation, the output displays the access credentials and a message confirming that the installation was successful.

INFO: --- Summary ---
INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: <ADMIN_PASSWORD>
INFO: Installation finished.

At this point, Wazuh is installed and configured.

2. Access the Wazuh web interface at https://<wazuh-dashboard-ip> using your credentials: username admin, password <ADMIN_PASSWORD>. When you first visit the Wazuh dashboard, your browser will display a warning that the certificate was not issued by a trusted authority. This is expected; you can either accept the certificate as is, or configure the system to use a certificate from a trusted authority.

If you want to uninstall the Wazuh central components, run the Wazuh installation assistant with the -u or --uninstall option.

Now that your Wazuh installation is ready, you can start deploying Wazuh agents, which can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The agent can provide various security features.

Choose the agent installation package that matches the target system; the per-platform installation steps are in the official documentation: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/index.html.

The Wazuh web user interface (WUI) provides a powerful interface for data visualization and analysis; it can also be used to manage the Wazuh configuration and monitor its status.

For more ways to use Wazuh, see the official documentation: https://documentation.wazuh.com/current/index.html.

Git repository: https://github.com/wazuh/wazuh

This article is reproduced from: “Github lovers”, the original text: https://url.hi-linux.com/YSbIh, the copyright belongs to the original author. Contributions are welcome, submission email: editor@hi-linux.com.
