Detecting malicious URLs using Wazuh and URLhaus on Windows End Points


Henry Valero

Nov 5, 2024, 3:10:23 PM
to Wazuh | Mailing List
Hi all:
Could someone explain to us how to do this detection of malicious URLs with Wazuh and URLhaus, but on Windows endpoints?


Sincerely,
Henry

Tomas Benitez Vescio

Nov 6, 2024, 6:34:39 AM
to Wazuh | Mailing List
Hi,

To integrate URLhaus with Wazuh, as described in the blog, you would need to do two things: first, configure the endpoints you wish to monitor to collect logs about network activity (to later be able to detect access to malicious URLs), and second, configure the Wazuh server to check the URL access logs received from endpoints against URLhaus. The latter you should be able to do by following the blog (creating a script, etc.); the former, in the case of the blog, is done using Suricata. This tool seems to provide a version for Windows, so you could try that, or if that doesn't work you could try any other tool for Windows that is able to monitor network interface activity.

Regards.
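
The check described in the reply above, as an added example that is not part of the thread or of the Wazuh blog's script: it rebuilds URLs from Suricata EVE HTTP events and matches them against a URL list held locally, a swapped-in stand-in for the blog's URLhaus lookup. The function names, the feed entries and the log lines are constructed for illustration; the EVE fields used are `event_type`, `src_ip`, `dest_port`, `http.hostname` and `http.url`.

```python
import json
from urllib.parse import urlsplit

# Constructed placeholder feed, plain-text list layout ('#' = comment); not real URLhaus data.
FEED_TEXT = """# constructed sample feed
http://malicious.example/payload.exe
http://203.0.113.7:8080/bin/loader
"""

# Constructed Suricata EVE JSON lines (eve.json), one event per line.
EVE_LINES = [
    '{"event_type":"http","src_ip":"10.0.0.5","dest_port":80,"http":{"hostname":"MALICIOUS.example","url":"/payload.exe"}}',
    '{"event_type":"http","src_ip":"10.0.0.5","dest_port":8080,"http":{"hostname":"203.0.113.7","url":"/bin/loader"}}',
    '{"event_type":"http","src_ip":"10.0.0.6","dest_port":80,"http":{"hostname":"intranet.example","url":"/index.html"}}',
    '{"event_type":"dns","src_ip":"10.0.0.6","dns":{"rrname":"malicious.example"}}',
    '{"event_type":"http","src_ip":"10.0.',  # truncated write, must be skipped
]

def normalize(url):
    """Lower-case scheme/host and drop default ports so log and feed URLs compare equal."""
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    if p.port and p.port != {"http": 80, "https": 443}.get(p.scheme):
        host = f"{host}:{p.port}"
    return f"{p.scheme}://{host}{p.path or '/'}" + (f"?{p.query}" if p.query else "")

def load_feed(text):
    lines = (l.strip() for l in text.splitlines())
    return {normalize(l) for l in lines if l and not l.startswith("#")}

def parse_http_event(line):
    """Return (src_ip, url) for an EVE http event, or None for anything else."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(ev, dict) or ev.get("event_type") != "http":
        return None
    http = ev.get("http", {})
    url = http.get("url") or "/"
    if not url.lower().startswith(("http://", "https://")):  # origin-form: prepend host
        url = f"http://{http.get('hostname', '')}:{ev.get('dest_port', 80)}{url}"
    return ev.get("src_ip"), normalize(url)

def find_hits(eve_lines, feed):
    events = filter(None, map(parse_http_event, eve_lines))
    return [(src, url) for src, url in events if url in feed]
```

Normalizing both sides matters because the sensor logs the Host header as sent (here in mixed case) and always carries a destination port, while feed entries usually omit the default port.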