Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Security Monitoring with Wazuh

You're reading from   Security Monitoring with Wazuh A hands-on guide to effective enterprise security using real-life use cases in Wazuh

Arrow left icon
Product type Paperback
Published in Apr 2024
Publisher Packt
ISBN-13 9781837632152
Length 322 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Rajneesh Gupta Rajneesh Gupta
Author Profile Icon Rajneesh Gupta
Rajneesh Gupta
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1:Threat Detection
2. Chapter 1: Intrusion Detection System (IDS) Using Wazuh FREE CHAPTER 3. Chapter 2: Malware Detection Using Wazuh 4. Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
5. Chapter 3: Threat Intelligence and Analysis 6. Chapter 4: Security Automation Using Shuffle 7. Chapter 5: Incident Response with Wazuh 8. Chapter 6: Threat Hunting with Wazuh 9. Part 3: Compliance Management
10. Chapter 7: Vulnerability Detection and Configuration Assessment 11. Chapter 8: Appendix 12. Chapter 9: Glossary 13. Index 14. Other Books You May Enjoy

Malware detection using FIM

When a system gets compromised by malware, it may create new files or modify existing files, such as the following file types:

  • Executable files (.exe, .dll, .bat, and .vbs)
  • Configuration files (.cfg and .ini)
  • Temporary files (.tmp)
  • Registry entries
  • Log files (.log)
  • Payload files
  • Hidden files and directories
  • Batch scripts (.bat)
  • PowerShell (.ps1)
  • Specially crafted documents with a malicious payload (.doc, .xls, and .pdf)

Using this information, we can create an FIM rule in Wazuh to detect any file changes. However, we will get a high number of false positive alerts, too. To solve this problem, we can focus on a specific directory or folder. We will learn more in this section.

In this section, we’ll learn how to create Wazuh rules to detect some of the common malware patterns.

We’ll cover the following use cases:

  • Configuring and testing FIM on an Ubuntu machine
  • Detecting suspicious...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime