NMAP

41 views

Skip to first unread message

Anas Asswad

unread,

Jul 5, 2022, 3:20:16 AM7/5/22

to Wazuh mailing list

Dear team,

I would like to ask you if it is possible to detect any NMAP command against my agent OS.

Regards,

antonio....@wazuh.com

unread,

Jul 5, 2022, 3:46:52 AM7/5/22

to Wazuh mailing list

Hello A.asswad

I will like to know if you want to monitor the output of the NMAP command or if you want to monitor if any user on the system executes the given command.

If you want to monitor the output of the command, you need to use the command option. More information can be found in this section of the documentation.
On the other hand, you can use the Linux Audit system to monitor command execution. There is a section on the documentation explaining how to set up Wazuh. Additionally, I will leave several useful links:

https://documentation.wazuh.com/current/learning-wazuh/audit-commands.html
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-defining_audit_rules_and_controls
https://documentation.wazuh.com/current/user-manual/capabilities/system-calls-monitoring/index.html#system-call-monitoring

Reply all

Reply to author

Forward

0 new messages