Wazuh, Shell Scripts


Marouen Ben Mahmoud

Jul 7, 2022, 10:51:09 AM
to Wazuh mailing list
Hello,

I'm a new intern in an IT company and my boss gave me a project to build a detection response system that includes script shells stored in docker containers.
My Wazuh manager works fine and I already tried detecting SQL Injection, Nmap, and BruteForce attacks, but I'm kind of stuck because I don't have many clues to go further.
So I would like to know if you have any suggestions or insight on some projects that you suppose have similarities with mine that will make me advance.
Any help will be very much appreciated,
Thank you.

Francisco Tuduri

Jul 10, 2022, 8:21:00 PM
to Wazuh mailing list
Hello Marouen!

I apologize for the late response.

I don't know if you have had the chance to check the "Learning Wazuh" section of the official documentation. There are many exercises there that can give you some ideas of how to advance with your project.

Also, there is an extensive set of Proof of Concept guides. These guides describe step-by-step configurations to test the different capabilities of Wazuh in real-world scenarios.

Another important source of information is the Wazuh blog. There are many articles there already and new ones are posted regularly. Besides related news and announcements, many posts explain with a high level of detail how to use different functionalities and how to detect new threats.
One post in particular you could check out is "Monitoring Docker container logs with Wazuh" (https://wazuh.com/blog/monitoring-docker-container-logs-with-wazuh/)

I hope you find this useful.

Regards

Francisco Tuduri

Jul 13, 2022, 4:36:57 PM
to Wazuh mailing list
Hello Marouen!

Did you find anything useful in those links?
Were you able to make some progress with your project?

Regards!