Block malicious domains with Wazuh XDR


Siri Aboubakar

Mar 20, 2023, 12:20:43 PM
to Wazuh mailing list
Hello everyone,
I hope you are well.
I would like to know if it is possible to block malicious domains with Wazuh XDR. Is there any documentation or tutorial I can follow to accomplish this task? Any help or advice would be greatly appreciated.

Thanks for your time and support. 

Pacome Kemkeu

Mar 20, 2023, 12:35:48 PM
to Wazuh mailing list
Hello Siri,
I recommend you take a look at this blog post that shows how to block known malicious actors using Wazuh active-response and a CDB list.
At the same time, you can take a look at this other blog post that uses Wazuh and AbuseIPDB to detect known bad actors. Then implement an active-response script to block the IP address whenever an alert triggers in your infrastructure.

I hope this helps you!
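
A sketch of the CDB-list plus active-response setup suggested in the reply above, added here as an example and not taken from the thread or the linked blog posts. The list name `blocked-ips`, rule ID `100100`, the 600-second timeout and the sample address are assumptions; `firewall-drop` is the stock Wazuh active-response script for Linux endpoints.

```xml
<!-- 1. CDB list on the Wazuh server: /var/ossec/etc/lists/blocked-ips
     (hypothetical name). One "key:value" entry per line; the value may be empty.
     Constructed sample entries from documentation address ranges:
       203.0.113.7:
       198.51.100.0/24:
-->

<!-- 2. /var/ossec/etc/ossec.conf on the Wazuh server -->
<ossec_config>
  <ruleset>
    <!-- Register the list so rules can look values up in it -->
    <list>etc/lists/blocked-ips</list>
  </ruleset>

  <!-- The default ossec.conf normally already defines this command;
       it is repeated here so the fragment is complete. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>firewall-drop</command>
    <!-- Run on the agent that generated the alert -->
    <location>local</location>
    <!-- Trigger only on the custom rule below -->
    <rules_id>100100</rules_id>
    <!-- Remove the block after 600 seconds (assumed value) -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>

<!-- 3. /var/ossec/etc/rules/local_rules.xml on the Wazuh server -->
<group name="attack,">
  <rule id="100100" level="10">
    <!-- Only evaluate events already classified by these rule groups -->
    <if_group>web|attack|attacks</if_group>
    <!-- Fire when the decoded source IP matches a key in the list -->
    <list field="srcip" lookup="address_match_key">etc/lists/blocked-ips</list>
    <description>Source IP found in the blocked-ips CDB list.</description>
  </rule>
</group>
```

Restart the Wazuh manager after editing so the list and rule are loaded. This matches on source IP addresses, which is what the reply describes; the list does not match on domain names.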

Siri Aboubakar

Mar 20, 2023, 1:37:33 PM
to Wazuh mailing list

Hi Pacome,
thank you for your feedback, I will implement the documentation you shared to see what happens.

I wish you a good week!