Hi Le Sok,
Hope you are doing well. Thank you for using Wazuh.
By default, the Wazuh agent monitors the installation of applications using the configuration below located in the Wazuh agent configuration file C:\Program Files (x86)\ossec-agent\ossec.conf:
<localfile>
  <location>Application</location>
  <log_format>eventchannel</log_format>
</localfile>

<rule id="60612" level="3">
  <if_sid>60609</if_sid>
  <field name="win.system.eventID">^11707$|^1033$</field>
  <options>no_full_log</options>
  <description>Application installed $(win.eventdata.data).</description>
</rule>
Based on rule 60609 you can come up with some custom rules to detect the installation of applications that are not permitted.
Check this document for custom decoders and rules.
https://documentation.wazuh.com/current/user-manual/ruleset/custom.html
Check this document for Ruleset XML syntax:
https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/inde
I hope this helps. Let me know if you need any further assistance.
Regards
Md. Nazmur sakib
--
You received this message because you are subscribed to the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/4cdad9d4-20c2-42e9-8da8-fecb37ffa97an%40googlegroups.com.
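A custom rule set that builds on rule 60612 in the way the reply suggests, added here as an example; it is not part of the original message or of the Wazuh ruleset. Assumptions: rule IDs 100100 and 100101 and the product names are placeholders, the file is /var/ossec/etc/rules/local_rules.xml on the manager (the default location for custom rules), the `type="pcre2"` attribute needs Wazuh 4.2 or later, and the "Product: ..." / "Product Name: ..." text shapes of MsiInstaller events 11707 and 1033 are as commonly seen on Windows hosts and should be confirmed against your own events.

```xml
<!-- Added example, not from the original message or the Wazuh ruleset.
     Assumed: rule IDs 100100/100101 and the product names are placeholders;
     place this in /var/ossec/etc/rules/local_rules.xml on the manager. -->
<group name="windows,application_install,local,">

  <!-- Blocklist: escalate when a named installer completes.
       Event 11707 data reads "Product: <name> -- Installation completed successfully."
       and event 1033 reads "Windows Installer installed the product. Product Name: <name>. ..."
       (assumed shapes, verify with wazuh-logtest), so the pattern is not anchored
       and accepts both "Product:" and "Product Name:". type="pcre2" needs Wazuh 4.2+. -->
  <rule id="100100" level="10">
    <if_sid>60612</if_sid>
    <field name="win.eventdata.data" type="pcre2">(?i)Product(?: Name)?: (TeamViewer|AnyDesk|uTorrent)</field>
    <description>Unauthorized application installed on $(win.system.computer): $(win.eventdata.data)</description>
    <mitre>
      <id>T1219</id>
    </mitre>
  </rule>

  <!-- Allowlist: any install whose product is NOT on the approved list still alerts
       at a lower level, so unknown software gets reviewed instead of ignored.
       Sibling rules are checked from the highest level down, so a blocklisted
       product matches 100100 above and never reaches this rule. -->
  <rule id="100101" level="7">
    <if_sid>60612</if_sid>
    <field name="win.eventdata.data" type="pcre2" negate="yes">(?i)Product(?: Name)?: (Microsoft |Google Chrome|Mozilla Firefox)</field>
    <description>Application not on the approved list installed on $(win.system.computer): $(win.eventdata.data)</description>
  </rule>

</group>
```

After saving the file, restart the manager (`systemctl restart wazuh-manager`) and feed a captured Application-channel event through `/var/ossec/bin/wazuh-logtest` to confirm which of 60612, 100100 or 100101 fires. Two caveats: events 11707 and 1033 come only from the Windows Installer service, so software installed by a plain EXE setup, a Store/MSIX package, or a portable binary produces no such event and needs another data source (Sysmon process creation or the Wazuh syscollector package inventory); and the Application channel must actually be collected by the `<localfile>` block shown in the reply, otherwise rule 60612 never sees the event.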