Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Security Monitoring with Wazuh

You're reading from   Security Monitoring with Wazuh A hands-on guide to effective enterprise security using real-life use cases in Wazuh

Arrow left icon
Product type Paperback
Published in Apr 2024
Publisher Packt
ISBN-13 9781837632152
Length 322 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Rajneesh Gupta Rajneesh Gupta
Author Profile Icon Rajneesh Gupta
Rajneesh Gupta
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1:Threat Detection
2. Chapter 1: Intrusion Detection System (IDS) Using Wazuh FREE CHAPTER 3. Chapter 2: Malware Detection Using Wazuh 4. Part 2: Threat Intelligence, Automation, Incident Response, and Threat Hunting
5. Chapter 3: Threat Intelligence and Analysis 6. Chapter 4: Security Automation Using Shuffle 7. Chapter 5: Incident Response with Wazuh 8. Chapter 6: Threat Hunting with Wazuh 9. Part 3: Compliance Management
10. Chapter 7: Vulnerability Detection and Configuration Assessment 11. Chapter 8: Appendix 12. Chapter 9: Glossary 13. Index 14. Other Books You May Enjoy

What this book covers

Chapter 1, Intrusion Detection System (IDS) Using Wazuh, provides fundamentals on IDSs and Suricata and its capabilities and features, installing Wazuh and setting up Suricata, utilizing Suricata in threat detection, handling network scanning probes, identifying Metasploit exploits, simulating web-based attacks with DVWA, and measuring NIDS effectiveness with tmNIDS.

Chapter 2, Malware Detection Using Wazuh, introduces you to malware, using FIM for detection, integrating VirusTotal for enhanced analysis, and integrating Windows Defender and Sysmon.

Chapter 3, Threat Intelligence and Analysis, discusses enhancing Wazuh capabilities by integrating threat intelligence and analysis tools such as MISP, TheHive, and Cortex. This chapter includes real-world examples of threat intelligence in a variety of contexts, as well as instructions on configuring and utilizing TheHive, Cortex, and MISP for cooperative threat analysis and response.

Chapter 4, Security Automation and Orchestration Using Shuffle, covers the integration of Security orchestration, Automation, and Response (SOAR) with the Wazuh platform that can be utilized to streamline and enhance incident response processes. The chapter focuses on the implementation of automated workflows, playbooks, and response actions using Wazuh and Shuffle.

Chapter 5, Incident Response with Wazuh, focuses on Wazuh’s Active response capability to remediate threats in real time, covering several practical use cases such as blocking brute-force attempts and automatically isolating Windows machines.

Chapter 6, Threat Hunting with Wazuh, delves into the methodology of proactive threat hunting using Wazuh, focusing on log analysis, attack mapping, Osquery utilization, and command monitoring.

Chapter 7, Vulnerability and Configuration Assessment, explores vulnerability and policy assessment using Wazuh. It will cover the important parts of finding vulnerabilities, monitoring configurations, and following standard compliance frameworks in a business. This chapter also covers the basics of vulnerability assessment and compliance standards such as PCI DSS, NIST 800-53, and HIPAA. It also provides ideas on how to use Wazuh’s features to make sure your organization follows all of its security rules and policies.

Chapter 8, Appendix delves into a list of custom Wazuh rules to enhance security monitoring. It explores the creation of custom PowerShell rules to detect suspicious activities within Windows environments. Additionally, the chapter discusses the implementation of custom Auditd rules for auditing Linux systems, bolstering defense against potential threats. Moreover, it provides insights into crafting custom Kaspersky endpoint security rules, enabling comprehensive threat detection and response. Finally, it covers custom Sysmon rules mapped to certain MITRE ATT&CK® techniques.

Chapter 9, Glossary, provides a comprehensive glossary covering key terms and concepts essential for understanding security monitoring and Wazuh functionality. From active response, which automates response actions, to Amazon EC2 instances and beyond, each entry offers concise explanations. Terms such as compliance, IDS, and vulnerability detection module are elucidated, aiding you in grasping crucial security concepts. Additionally, tools such as PowerShell, Docker, and YARA are defined, highlighting their significance in modern cybersecurity practices. This glossary serves as a valuable reference for both novice and experienced security professionals who are navigating the complex landscape of security monitoring and threat detection.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime