Security Monitoring with Wazuh ( A hands-on guide to effective enterprise security using real-life use cases in Wazuh )

What is this book about?

Explore the implementation of Wazuh for effective security monitoring through use cases and demonstrations of how to integrate Wazuh with essential tools like OSSEC, TheHive, Cortex, and Shuffle.

This book covers the following exciting features:

Find out how to set up an intrusion detection system with Wazuh

Get to grips with setting up a file integrity monitoring system

Deploy Malware Information Sharing Platform (MISP) for threat intelligence automation to detect indicators of compromise (IOCs)

Explore ways to integrate Shuffle, TheHive, and Cortex to set up security automation

Apply Wazuh and other open source tools to address your organization’s specific needs

Integrate Osquery with Wazuh to conduct threat hunting

Instructions and Navigations

All of the code is organized into folders. For example, Chapter 2.

The code will look like the following:

<rule id="200101" level="1">

<if_sid>60009</if_sid>

<field name="win.system.providerName">^PowerShell$</field>

<mitre>

Following is what you need for this book:

This book is for SOC analysts, security architects, and security engineers who want to set up open-source SOC with critical capabilities such as file integrity monitoring, security monitoring, threat intelligence automation, and cloud security monitoring. Managed service providers aiming to build a scalable security monitoring system for their clients will also find valuable insights in this book. Familiarity with basic IT, cybersecurity, cloud, and Linux concepts is necessary to get started.

With the following software and hardware list you can run all code files present in the book (Chapter 1-9).