Wazuh Active Response for Blocking USB Drives


JAVAL PATEL

Apr 4, 2023, 4:02:13 AM
to Wazuh mailing list
Hello all,

I was trying to set up an active response in Wazuh regarding unauthorized USB drive insertion in Windows. The alert triggers successfully. Now I was trying to set up a custom active response script, but I don't have an idea which script I should run and how to set it up. I have read the documentation about custom active response, but it failed.
So, if someone knows how to do it and can help me here, that will be a great help for me.

Nicolas Alejandro Bertoldo

Apr 4, 2023, 9:24:52 AM
to Wazuh mailing list
Hi Javal,

Thanks for using Wazuh!
You could create a script that unmounts the USB drive, but in this case I suggest that you filter out authorized and unauthorized devices instead. For that, you can follow this reference guide: Monitoring USB drives in Windows using Wazuh

I hope this helps you; if not, please let me know.
Regards.