Wazuh - Solaris 11 - AR

31 views

Skip to first unread message

Aarón Hernández

unread,

Dec 2, 2021, 8:01:39 PM12/2/21

to Wazuh mailing list

I have some Solaris 11 hosts and I've read the docs about active response but I want to know if these are compatible for Solaris 11?

https://documentation.wazuh.com/current/user-manual/capabilities/active-response/how-it-works.html

Regards.

Tomas Turina

unread,

Dec 2, 2021, 8:29:18 PM12/2/21

to Aarón Hernández, Wazuh mailing list

Hi Aarón,

Thanks for using Wazuh!

About your question, I can tell you that AR is also available for Solaris systems.

One important thing is that not all the provided scripts are compatible with Solaris, only the following work on that OS:

firewall-drop: Uses iptables to block/unblock an IP.
disable-account: Uses chuser to disable/enable an user account.
restart-wazuh: Restarts the Wazuh process.
wazuh-slack: Sends a message to a given Slack workspace.

Anyway, you can always create your own scripts to do whatever you need in your systems. Here you can find the documentation with an example to do this.

I hope this information helps.

Best regards.

Tomás Turina.

52 1 55 7112 4855
aaron.h...@a3sec.com

Este e-mail y cualquier documento anexo contienen información privada y confidencial única y exclusivamente para el destinatario. Si usted no es el destinatario, no tiene autorización para leer, copiar, usar o distribuir el e-mail y el/los documento anexos. En caso de haber recibido esta comunicación por error, le rogamos que lo remita al emisor y lo destruya posteriormente.

This e-mail and any attachment contain information, which is private and confidential and is intended for the addressee only. If you are not an addressee, you are not authorized to read, copy, use or distribute this communication. If you have received this e-mail in error, please notify the sender by return e-mail.

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/0f0ee7b6-ed50-4723-ac6a-87c5a127f8bbn%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages