Panda implementation in Wazuh


JB

Oct 18, 2023, 12:04:17 PM
to Wazuh | Mailing List
Good afternoon team,

I hope all is well. I wanted to know if there is documentation to be able to implement and visualize Panda antivirus events in Wazuh?

Thank you very much in advance

Javier Medeot

Oct 18, 2023, 3:04:04 PM
to Wazuh | Mailing List
Hi JB.

We don't have any documents on how to visualize Panda antivirus alerts in Wazuh. While our ruleset does include decoders and rules for some Panda products as in the references below, I understand this is for Panda solutions specifically designed for SIEM integration providing logs in the LEEF format to this effect.
You can test these rules by feeding a Panda log to our testing tool, as explained in "Testing decoders and rules" and shown in the image below.

Firefox_Screenshot_2023-10-18T18-50-23.874Z.png

However, I'm not aware of Panda home user solutions providing logs for the antivirus scan results. If they do, we can help you build decoders and rules to alert about those events. In any case, if you need to integrate with an antivirus solution you can read our guides about integrating VirusTotal:
Please let me know if this is what you needed to know and if we can help you read specific Panda log files you might have available.

Thank you.