Can Wazuh detect malicious file from phishing or not


Le Sok

Aug 21, 2024, 3:40:59 AM
to Wazuh | Mailing List
Hello everyone,
I want to ask whether Wazuh can detect a malicious file from phishing or not.
When an endpoint clicks on a malicious file received from an attacker using a phishing attack,
does Wazuh detect it or not? Does Wazuh alert or not?

Santiago Padilla Alvarez

Aug 21, 2024, 4:16:36 AM
to Wazuh | Mailing List
Hi,

Wazuh has functions that can help detect and respond to phishing attacks:
  • It can monitor files on endpoints for any changes, including the creation of new files that could occur if a user downloads a file from a phishing email.
  • It scans logs from various sources on the endpoint, such as system, application, and security logs. It can detect suspicious activity associated with malware execution. For example, if a malicious file attempts to modify system settings or execute unusual processes, Wazuh can generate alerts based on these activities.
  • It can integrate with VirusTotal, allowing it to automatically check file hashes against the VirusTotal database of known malicious signatures. If a file downloaded from a phishing email is known to be malicious, Wazuh can detect it and alert accordingly.
  • Wazuh not only detects, but can also respond to threats. If a malicious file is detected, Wazuh can execute predefined active responses such as isolating the endpoint, killing malicious processes or deleting malicious files.
I hope this will be helpful,
Best regards!
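
One way to chain the capabilities listed in the reply above (file monitoring, VirusTotal lookup, active response), shown as an added example configuration that is not part of the original thread. The monitored path, the API key placeholder and the `remove-threat` script name are assumptions; rule 87105 is the Wazuh ruleset's VirusTotal alert for a file reported as malicious.

```xml
<!-- Added example. Agent side: ossec.conf on the monitored Linux endpoint. -->
<ossec_config>
  <syscheck>
    <!-- Assumed path (constructed): where the user's browser or mail client saves files. -->
    <directories realtime="yes">/home/user/Downloads</directories>
  </syscheck>
</ossec_config>

<!-- Manager side: ossec.conf on the Wazuh server. -->
<ossec_config>
  <!-- Send file integrity monitoring alerts to VirusTotal for a hash lookup. -->
  <integration>
    <name>virustotal</name>
    <api_key>YOUR_VIRUSTOTAL_API_KEY</api_key> <!-- placeholder, not a real key -->
    <group>syscheck</group>
    <alert_format>json</alert_format>
  </integration>

  <!-- Hypothetical custom script; it must be present in the agent's active-response/bin directory. -->
  <command>
    <name>remove-threat</name>
    <executable>remove-threat.sh</executable>
    <timeout_allowed>no</timeout_allowed>
  </command>

  <!-- Run the script on the agent that triggered rule 87105 (VirusTotal reports the file as malicious). -->
  <active-response>
    <disabled>no</disabled>
    <command>remove-threat</command>
    <location>local</location>
    <rules_id>87105</rules_id>
  </active-response>
</ossec_config>
```

Restart the agent and the manager after editing their configuration files so the changes take effect. A file that VirusTotal has never seen produces no malicious verdict, so log-based detection of what the file does after execution still matters.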