Download the example code files
You can download the code mentioned in the book from the GitHub repository here: https://github.com/PacktPublishing/Security-Monitoring-using-Wazuh
We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Disclaimer on images
This book contains many horizontally long screenshots. These screenshots provide readers with an overview of Wazuh's execution plans for various operations. As a result, the text in these images may appear small at 100% zoom. Additionally, you will be able to examine these plans more thoroughly in the output of Wazuh as you work through the examples.
Conventions used
There are a number of text conventions used throughout this book.
Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “Copy the curl command to download the Wazuh module and start the Wazuh agent service as mentioned in the following diagram.”
A block of code is set as follows:
<rule id="200101" level="1">
  <if_sid>60009</if_sid>
  <field name="win.system.providerName">^PowerShell$</field>
  <mitre>
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
policy:
  id: "rdp_audit"
  file: "sca_rdp_audit.yml"
  name: "System audit for Windows based system"
  description: "Guidance for establishing a secure configuration for Unix based systems."
Any command-line input or output is written as follows:
$ sudo systemctl restart wazuh-agent
Bold: Indicates a new term, an important word, or words that you see on screen. For instance, words in menus or dialog boxes appear in bold. Here is an example: “Suricata is an open-source network intrusion detection and prevention system (IDS/IPS).”
Tips or important notes
Appear like this.