Anomaly Detection Use Cases


Hussain Ktk

May 22, 2024, 5:24:48 AM
to Wazuh | Mailing List
I am seeking assistance with implementing the following anomaly detection use cases in Wazuh:

1. Anomalous File Creation at Unusual Paths
2. Suspicious Volume of Logins to User Account
3. Suspicious Volume of Logins to User Account by Logon Type
4. Anomalous SMB Connection by Device
5. Anomalous SMB Connection Generated by File
6. Symbolic Link to Shadow Copy Created
7. Abnormal Scheduled Task Created
8. Abnormal Registry Changes
9. Anomalous Group Policy Changes
10. Unusual Remote Services Execution
11. Abnormal Large DNS Response
12. Unusual Web Browsing Activity with Rare and Unusual URLs
13. Abnormal Traffic Requesting Unusual Endpoints
14. NAT Traversal Port Activity
15. Cobalt Strike Command and Control Beacon
16. Rare User Agents
17. Detect DNS Tunnelling
18. Network Activity with Unusual Domains
19. Anomalous Network Denies
20. Anomalous Network Activity

Any guidance or support would be greatly appreciated.

Let me know if you need any further assistance!

Carlos Ezequiel Bordon

May 22, 2024, 10:17:29 AM
to Wazuh | Mailing List

Hello Hussain, I am sharing our Proof of concept guide with various use cases so you can check according to your needs:

https://documentation.wazuh.com/current/proof-of-concept-guide/index.html

With these guides, you can draw some considerations to apply in those use cases that are not covered in our guides.
