This is the code repository for Security Monitoring with Wazuh, published by Packt.
A hands-on guide to effective enterprise security using real-life use cases in Wazuh
Explore the implementation of Wazuh for effective security monitoring through use cases and demonstrations of how to integrate Wazuh with essential tools like OSSEC, TheHive, Cortex, and Shuffle.
This book covers the following exciting features:
- Find out how to set up an intrusion detection system with Wazuh
- Get to grips with setting up a file integrity monitoring system
- Deploy Malware Information Sharing Platform (MISP) for threat intelligence automation to detect indicators of compromise (IOCs)
- Explore ways to integrate Shuffle, TheHive, and Cortex to set up security automation
- Apply Wazuh and other open source tools to address your organization’s specific needs
- Integrate Osquery with Wazuh to conduct threat hunting
If you feel this book is for you, get your copy today!
All of the code is organized into folders. For example, Chapter 2.
The code will look like the following:
<rule id="200101" level="1">
<if_sid>60009</if_sid>
<field name="win.system.providerName">^PowerShell$</field>
<mitre>
Following is what you need for this book: This book is for SOC analysts, security architects, and security engineers who want to set up open-source SOC with critical capabilities such as file integrity monitoring, security monitoring, threat intelligence automation, and cloud security monitoring. Managed service providers aiming to build a scalable security monitoring system for their clients will also find valuable insights in this book. Familiarity with basic IT, cybersecurity, cloud, and Linux concepts is necessary to get started.
With the following software and hardware list you can run all code files present in the book (Chapter 1-9).
| Chapter | Software required | OS required |
|---|---|---|
| 1-9 | Wazuh OVA | Windows, Mac OS X, and Linux (Any) |
| 1-9 | Suricata IDS and Osquery | Windows, Mac OS X, and Linux (Any) |
| 1-9 | VirusTotal | Windows, Mac OS X, and Linux (Any) |
Rajneesh Gupta With 11 years of experience, Rajneesh Gupta, a seasoned cybersecurity expert, specializes in open-source security, security monitoring, cloud security, security audit, and red-teaming exercises. Prior to this, he worked with Hewlett-Packard as security lead. A CISA-certified professional, he has played a pivotal role in building and automating Security Operation Centers (SOCs) for hundreds of businesses globally, conducting security audits, and guiding on frameworks and compliances. Rajneesh is also passionate about mentoring, having helped numerous individuals kickstart their careers in cybersecurity. He is also the author of Hands-On with Cybersecurity and Blockchain, which is popular across both security and blockchain communities. Outside of work, Rajneesh enjoys spending time in hill stations and playing volleyball.