Block malicious domains with Wazuh XDR
206 views
Skip to first unread message
Siri Aboubakar
Mar 20, 2023, 12:20:43 PM3/20/23
to Wazuh mailing list
Hello everyone,
I hope you are well.
I would like to know if it is possible to block malicious domains with wazuh XDR. Is there any documentation or tutorial I can follow to accomplish this task? Any help or advice would be greatly appreciated.
Thanks for your time and support.
Thanks for your time and support.
Pacome Kemkeu
Mar 20, 2023, 12:35:48 PM3/20/23
to Wazuh mailing list
Hello Siri,
I recommend you take a look at this block post, that shows how to block known malicious actors using Wazuh active-response and CDB list.
In the same time you can take a look at this other blog post that uses Wazuh and AbuseIPDB to detect known bad actors. Then implement an active-response script to block the IP address whenever an alert triggers in your infrastructure.
I hope this helps you!
I recommend you take a look at this block post, that shows how to block known malicious actors using Wazuh active-response and CDB list.
In the same time you can take a look at this other blog post that uses Wazuh and AbuseIPDB to detect known bad actors. Then implement an active-response script to block the IP address whenever an alert triggers in your infrastructure.
I hope this helps you!
Siri Aboubakar
Mar 20, 2023, 1:37:33 PM3/20/23
to Wazuh mailing list
Hi Pacome,
thank you for your feedback, I will implement the documentation you shared to see what happens.
I wish you a good week!
I wish you a good week!
Reply all
Reply to author
Forward
0 new messages