Malware Detection


Abhishek Mishra

Jan 6, 2022, 7:09:48 AM
to Wazuh mailing list
Hello Team,
Actually, I wanted to do malware detection in Wazuh. I downloaded some malware samples for detection purposes. I am not getting any alerts and events regarding this in my Wazuh GUI interface. Can you please help me with how I can get alerts regarding malware detection if any malware is executed on the agent side?
Thanks in advance.

Maximiliano Ibarra

Jan 6, 2022, 9:28:56 AM
to Wazuh mailing list
Hi.
First of all, thanks for contacting us.
I am going to try to help you with malware detection in your Wazuh environment. File Integrity Monitoring watches selected files and triggers alerts when these files are modified. Because of that, we need to configure the FIM module.
First, I suggest you read this article about Anomaly and Malware detection: https://documentation.wazuh.com/current/user-manual/capabilities/anomalies-detection/how-it-works.html
And then, you must configure File Integrity Monitoring following this article: https://documentation.wazuh.com/current/user-manual/capabilities/file-integrity/fim-configuration.html
Please, take your time and tell me how it went.
We'll keep in touch.
Best regards
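
A minimal agent-side `ossec.conf` fragment for the FIM setup described in the reply above, added here as an illustration and not taken from the thread or the linked documentation; the monitored path `/home/user/Downloads` is an assumed location for the test samples. FIM reports files being added or changed in that directory, not a sample being executed.

```xml
<!-- Agent-side ossec.conf (on Linux agents: /var/ossec/etc/ossec.conf) -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>

    <!-- Full scheduled scan every 12 hours (value is in seconds) -->
    <frequency>43200</frequency>

    <!-- Assumed path: the directory where the test samples are dropped.
         realtime="yes" reports changes as they happen instead of waiting
         for the next scheduled scan.
         check_all="yes" records hashes, size, owner and permissions. -->
    <directories realtime="yes" check_all="yes">/home/user/Downloads</directories>
  </syscheck>
</ossec_config>
```

Restart the agent after editing the file (for example `systemctl restart wazuh-agent`) so the new `syscheck` settings are loaded.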

Abhishek Mishra

Jan 10, 2022, 11:59:52 PM
to Wazuh mailing list
Hello Team,
I have already done testing with some malware and it is showing the alert, but now we are testing with ransomware, and in this situation I am not getting any alert regarding the ransomware. Is Wazuh capable of detecting ransomware? If yes, please let me know.
Thanks

Maximiliano Ibarra

Jan 13, 2022, 12:23:26 PM
to Wazuh mailing list
Hi.
Thanks for contacting us again.
I was researching more about your doubt and I found the following article in our blog.
In this article you will find how to create actions to prevent and detect ransomware attacks.
I hope that information helps you.
Best regards.