wazuh threat hunting and threat intelligence
260 views
Skip to first unread message
gowtham krup
Sep 25, 2023, 1:05:15 AM9/25/23
to Wazuh | Mailing List
HI Team
we are the process of implementation in wazuh (threat hunting) and (threat intelligence)
could you please any one please share your information that would be great help for us
Thanks in advance
we are the process of implementation in wazuh (threat hunting) and (threat intelligence)
could you please any one please share your information that would be great help for us
Thanks in advance
Pacome Kemkeu
Sep 25, 2023, 3:00:55 AM9/25/23
to Wazuh | Mailing List
Hello Gowtham,
First, take a look at this documentation that provides a comprehensive overview of different Wazuh capabilities that can be implemented in the process of Threat hunting. Here you'll find guidance on:
First, take a look at this documentation that provides a comprehensive overview of different Wazuh capabilities that can be implemented in the process of Threat hunting. Here you'll find guidance on:
- How to collect and centralize logs using the log data collection and Wazuh archives
- Customize and create your own rules and decoders, tailored to your specific environment and threat landscape.
- Utilize the Wazuh MITRE ATT&CK module to map and understand cyber attack tactics, techniques, and procedures (TTPs) that occur in your environment.
In a second time concerning your request for Threat Intelligence, Wazuh offers integrations with various CTI platforms such as MISP, URLHaus, VirusTotal, AlienVault and more. You can find in our documentation and blogs various write-ups that will help you integrate these according to your own requirements. A few example are:
- Wazuh and MISP integration
- Detecting and removing malware using VirusTotal integration
- Detecting malicious URLs using Wazuh and URLhaus
- Wazuh SIEM — OpenCTI Threat Intel Integration
- Find more in our PoC guide
I hope you find this helpful!
Reply all
Reply to author
Forward
0 new messages