Integrating Mitre ATT&CK with wazuh for agentless devices.

[Danish Ibrar]

I'm a beginner at this. I'm tasked with mapping rules with mitre. I've looked around for references I found a blog that tells about a way to do it using sysmon and ART but it will only work for wazuh agents...
what do I have to do If I want to do mitre mapping for agentless devices....

[Nicolas Stefani]

Hi Danish,

Thanks for using Wazuh!

I'm reviewing your query. I will come back ASAP with an answer.

Regards,

On Thu, Mar 9, 2023 at 11:09 AM Danish Ibrar <rajaos...@gmail.com> wrote:

I'm a beginner at this. I'm tasked with mapping rules with mitre. I've looked around for references I found a blog that tells about a way to do it using sysmon and ART but it will only work for wazuh agents...
what do I have to do If I want to do mitre mapping for agentless devices....

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/26629653-2548-4e71-bee2-fa5193939e48n%40googlegroups.com.

--

Nicolás Stefani Software Engineer

[Nicolas Stefani]

Well, first you need to configure some way of remote syslog in the manager. Then you can customize the alert with MITRE normally.

I hope that helps you.

Best regards.

[Danish Ibrar]

So with that I can forward logs to syslog then to manager...

so I have to do mappin manually???