Wazuh replace Antivirus


Eric

Apr 20, 2021, 11:26:53 PM
to Wazuh mailing list
Hello colleagues,

I'm considering using Wazuh to replace Antivirus. As far as I know, right now, Wazuh has a few modules for anomaly detection:
  • FIM (File Integrity Monitoring): This component stores the cryptographic checksum and other attributes of a known good file or Windows registry key and regularly compares it to the current file being used by the system, watching for changes.
  • RootCheck: This component looks for indicators of compromise, such as hidden ports, hidden files...
If I combined both modules & integration with the Antivirus ClamAV/VirusTotal, is it possible & safe to replace Antivirus?

Regards,

Juan Cabrera

Apr 21, 2021, 12:06:01 PM
to Wazuh mailing list
Hello,

To enhance security, Wazuh also has the following features:
- Vulnerability-detector: is useful to detect vulnerabilities in applications installed on the agents, based on the vendor's OVALs and NVD (National Vulnerability Database): https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/index.html
- SCA: provides out-of-the-box checks that are used for systems hardening: https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/sca.html

On the other hand, it is not recommended to uninstall the antivirus. Wazuh is a security endpoint agent, deployed on the monitored systems, and a management server, which collects and analyzes the data gathered by the agents, while an antivirus is a prevention tool that scans files, emails or blocks the installation of malware through well-known signatures and malware heuristics.

Regards,
Juan Cabrera
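
An added illustration, not part of the thread and not Wazuh's code: a minimal Python sketch of the baseline-and-compare idea behind FIM as described in the first message, showing that such a check reports changes only after they have been written to disk, which is the detection-versus-prevention distinction drawn in the reply above. The function names `snapshot`, `compare` and `demo` are hypothetical, and the files are constructed sample data in a temporary directory.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record SHA-256, size and permission bits for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, st.st_size, st.st_mode & 0o7777)
    return state

def compare(baseline, current):
    """Return sorted (event, path) pairs: added, deleted, modified (content), attrs (mode only)."""
    events = []
    for path in baseline.keys() | current.keys():
        if path not in baseline:
            events.append(("added", path))
        elif path not in current:
            events.append(("deleted", path))
        elif baseline[path][0] != current[path][0]:
            events.append(("modified", path))
        elif baseline[path] != current[path]:
            events.append(("attrs", path))
    return sorted(events)

def demo():
    """Constructed scenario: baseline a temp directory, change it, then scan again."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.conf", b"port=443\n"), ("run.sh", b"#!/bin/sh\n"), ("old.log", b"x\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        os.chmod(os.path.join(root, "run.sh"), 0o644)
        baseline = snapshot(root)
        # Changes made between scans: nothing here is blocked, it is only seen at the next scan.
        with open(os.path.join(root, "app.conf"), "wb") as fh:
            fh.write(b"port=8443\n")
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"\x00\x01")
        os.chmod(os.path.join(root, "run.sh"), 0o755)
        os.remove(os.path.join(root, "old.log"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for event, path in demo():
        print(event, path)
```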

Eric

Apr 21, 2021, 12:57:07 PM
to Juan Cabrera, Wazuh mailing list
Hello Juan Cabrera, 

Thank you so much for the excellent answer, you saved my time.

I'm happy to be here, learning & receiving much valuable information from the Wazuh Team.

Regards, 

