Asset management

[Tekletsadik Tadesse]

hello team;

how wazuh works for asset management??

Tekletsadik T.

[Jonathan Martín Valera]

Hello Tekletsadik Tadesse,

Wazuh has a module called "Security Configuration Assessment (SCA)" to provide the user with the best possible experience when performing scans about hardening and configuration policies.

SCA performs scans in order to discover exposures or misconfigurations in monitored hosts. Those scans assess the configuration of the hosts by means of policy files, that contains rules to be tested against the actual configuration of host. For example, SCA could assess whether it is necessary to change password related configuration, remove unnecessary software, disable unnecessary services, or audit the TCP/IP stack configuration.

Policies for the SCA module are written in YAML format. Furthermore, Wazuh is distributed with a set of policies, most of them based on the CIS benchmarks, a well-established standard for host hardening.

You can find more information about it in this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/index.html#security-configuration-assessment and this section https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/how_it_works.html if you want to know how this SCA module works.

In addition, you can create new custom policies. See an example in this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/creating_custom_policies.html

You can also take a look at this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/use_case.html to see an use case example.

I hope this information is helpful to you, and if you have any questions, please don't hesitate to ask us :)

Regards.

Jonathan M.V