Pituphong Yavirach, CPTE
Founder – Debug Consulting
Deployment (HIDS)

Agenda
01 Introduction
02 Installation
03 Deployment Wazuh Agent
04 Configuration
05 Function Test
06 Conclusion
Introduction

HIDS – Host Based Intrusion Detection System
• A Host-Based Intrusion Detection System (HIDS)
• A HIDS collects, analyzes and pre-correlates a client's logs and alerts if an attack, fraudulent use (policy violation) or error is detected.
• It verifies the integrity of local system files, detects rootkits, and identifies hidden actions of attackers such as Trojan horses and malware.
• A HIDS provides real-time alerts and active response.
• A HIDS integrates easily with SIEMs.
• Centralized policy deployment to all HIDS agents is used to monitor server compliance.
Ref. Anglia Ruskin University, OWASP Cambridge Chapter
Image ref. https://www.decipherzone.com/blog-detail/web-application-architecture
OSSEC
• OSSEC is an open source HIDS.
• Its purpose is to detect abnormal behavior on a machine.
• It collects the information sent to it by the monitored equipment and uses signatures or behavior to detect an anomaly.
• An OSSEC agent is installed on each machine.
WAZUH
• Wazuh is an open source platform for intrusion detection, security monitoring, incident response and compliance checking.
• It builds on OSSEC.
• It can be used to monitor endpoints, cloud services and containers, and to aggregate and analyze data from external sources.
• The Wazuh solution consists of an endpoint security agent, deployed on the monitored systems, and a management server, which collects and analyzes the data gathered by the agents.
• Additionally, Wazuh is fully integrated with the Elastic Stack, providing a search engine and a data visualization tool that let users navigate their security alerts.
WAZUH Abilities
• A brief overview of some of the most popular current use cases of the Wazuh solution:
• Log analysis
• File integrity monitoring
• Rootkit detection
• Active response
• Configuration assessment
• System inventory
• Vulnerability detection
• Cloud security
• Container security
• Regulatory compliance
WAZUH Architecture
• The Wazuh architecture is based on agents, running on the monitored endpoints, which transmit security data to a central server.
• Agentless devices such as firewalls, switches, routers and access points are supported and can actively submit log data via Syslog, SSH or their API.
• The central server decodes and analyzes incoming information and forwards the results to the Wazuh indexer for indexing and storage.
• The Wazuh indexer cluster is a set of one or more nodes that communicate with each other to perform read and write operations on indexes.
WAZUH Component
WAZUH Indexer
• The Wazuh indexer is a highly scalable full-text search and analytics engine.
• The Wazuh indexer stores data as JSON documents. Each document correlates a set of keys (field names or properties) with their corresponding values.
• An index is a collection of related documents.
• Wazuh uses four different indexes to store different types of events: wazuh-alerts, wazuh-archives, wazuh-monitoring and wazuh-statistics.
WAZUH Server
• The Wazuh server component analyzes the data received from agents, triggering alerts when threats or anomalies are detected.
• It is also used to manage the configuration of agents remotely and to monitor their status.
• The Wazuh server uses threat intelligence sources to improve its detection capabilities.
• It also enriches alert data with the MITRE ATT&CK framework and regulatory compliance requirements such as PCI DSS, GDPR, HIPAA, CIS and NIST 800-53, providing useful context for security analysis.
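The indexer's JSON documents and the server's MITRE ATT&CK and compliance enrichment, shown as an added example (not Wazuh's own code): a small Python triage over alerts.json-style documents that escalates by rule level and summarises tactics and PCI DSS requirements. The four alert documents are constructed samples that follow the field layout of Wazuh's alerts.json, and the escalation threshold of level 7 is an assumption.

```python
"""Triage of Wazuh-style alert documents (added example, not Wazuh code).

The Wazuh server writes every alert as one JSON document, which the indexer
stores in the wazuh-alerts index. The documents below are constructed samples
modelled on the alerts.json layout: rule.level, rule.mitre, rule.pci_dss,
agent, location and full_log.
"""
import json
from collections import Counter, defaultdict

# Constructed sample alerts, one JSON document per line as alerts.json does.
SAMPLE_ALERTS = """
{"timestamp":"2024-05-01T10:00:01.000+0000","rule":{"level":5,"description":"sshd: authentication failed.","id":"5716","mitre":{"id":["T1110"],"tactic":["Credential Access"],"technique":["Brute Force"]},"pci_dss":["10.2.4","10.2.5"],"groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01","ip":"10.0.0.11"},"location":"/var/log/auth.log","full_log":"May  1 10:00:01 web-01 sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2"}
{"timestamp":"2024-05-01T10:00:02.000+0000","rule":{"level":10,"description":"sshd: brute force trying to get access to the system.","id":"5712","mitre":{"id":["T1110"],"tactic":["Credential Access"],"technique":["Brute Force"]},"pci_dss":["11.4","10.2.4","10.2.5"],"groups":["syslog","sshd","authentication_failures"]},"agent":{"id":"001","name":"web-01","ip":"10.0.0.11"},"location":"/var/log/auth.log","full_log":"May  1 10:00:02 web-01 sshd[2219]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2"}
{"timestamp":"2024-05-01T10:01:00.000+0000","rule":{"level":7,"description":"Integrity checksum changed.","id":"550","pci_dss":["11.5"],"groups":["ossec","syscheck","syscheck_entry_modified"]},"agent":{"id":"002","name":"db-01","ip":"10.0.0.21"},"syscheck":{"path":"/etc/passwd","event":"modified"}}
{"timestamp":"2024-05-01T10:02:00.000+0000","rule":{"level":3,"description":"Wazuh agent started.","id":"503","groups":["ossec"]},"agent":{"id":"003","name":"app-01","ip":"10.0.0.31"}}
""".strip()

# Compliance frameworks the Wazuh server tags rules with (field names as in alerts.json).
COMPLIANCE_FIELDS = ("pci_dss", "gdpr", "hipaa", "nist_800_53")


def parse_alerts(text):
    """Parse alerts.json-style input: one JSON document per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def escalate(alerts, min_level=7):
    """Return alerts at or above min_level, highest level first.

    Wazuh rule levels run 0-15; treating 7 and above as worth analyst
    attention is an assumption made for this example.
    """
    hits = [a for a in alerts if a["rule"]["level"] >= min_level]
    return sorted(hits, key=lambda a: -a["rule"]["level"])


def mitre_summary(alerts):
    """Count alerts per ATT&CK tactic and collect technique ids per agent."""
    by_tactic = Counter()
    techniques_by_agent = defaultdict(set)
    for a in alerts:
        mitre = a["rule"].get("mitre")
        if not mitre:
            continue  # not every rule is mapped to ATT&CK
        for tactic in mitre.get("tactic", []):
            by_tactic[tactic] += 1
        techniques_by_agent[a["agent"]["name"]].update(mitre.get("id", []))
    return by_tactic, {k: sorted(v) for k, v in techniques_by_agent.items()}


def compliance_summary(alerts):
    """Map each compliance framework to the requirement ids the alerts touch."""
    touched = {field: set() for field in COMPLIANCE_FIELDS}
    for a in alerts:
        for field in COMPLIANCE_FIELDS:
            touched[field].update(a["rule"].get(field, []))
    return {k: sorted(v) for k, v in touched.items() if v}


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for a in escalate(alerts):
        print(f"[level {a['rule']['level']}] {a['agent']['name']}: "
              f"{a['rule']['description']}")
    tactics, techniques = mitre_summary(alerts)
    print("alerts per tactic:", dict(tactics))
    print("techniques per agent:", techniques)
    print("compliance requirements touched:", compliance_summary(alerts))
```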
WAZUH Dashboard
• The Wazuh dashboard is a flexible and intuitive web-based user interface for exploring, analyzing and visualizing security events and alert data.
• It is also used for managing and monitoring the Wazuh platform.
• Additionally, it provides role-based access control (RBAC), Single Sign-On (SSO), data visualization and analysis, agent monitoring and configuration, platform management and developer tools.

WAZUH Data visualization and analysis
WAZUH Agent Monitoring
WAZUH Platform Management
WAZUH Status and Reports
WAZUH Ruleset test
WAZUH API Console
WAZUH Security rules
WAZUH Agent
• The Wazuh agent is cross-platform and runs on the hosts that the user wants to monitor.
• It is also used for managing and monitoring the Wazuh platform.
• The Wazuh agent provides key functionality to improve the security of your system:
• Log collector
• Command execution
• File integrity monitoring (FIM)
• Security configuration assessment (SCA)
• System inventory
• Malware detection
• Active response
• Container security monitoring
• Cloud security monitoring
Questions?
THANK YOU

Wazuh Security Platform
