tread-lightly/Wazuh_Custom_Active_Response_Scripts

Wazuh_Custom_Active_Response_Scripts

Custom integrations for the Wazuh SIEM, built on its active response feature: each one is a script that wazuh-execd runs when a chosen rule fires, takes the source IP from the triggering alert, and either pushes it to an external system or enriches it with a threat-intelligence lookup.

TL;DR:

  • CheckPoint External IOC feed integration via Active Response: adds the IPs from specific events to a Check Point External IOC feed, so the Threat Prevention engine can act on them
  • CrowdSec integration via Active Response: checks the IPs from specific events against the CrowdSec API and writes the result back as a new Wazuh event, so it shows up in the dashboard
  • AlienVault integration via Active Response: checks the IPs from specific events against the AlienVault API and writes the result back as a new Wazuh event, so it shows up in the dashboard
  • AbuseIPDB integration via Active Response: checks the IPs from specific events against the AbuseIPDB API and writes the result back as a new Wazuh event, so it shows up in the dashboard
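The three lookup integrations (CrowdSec, AlienVault, AbuseIPDB) share one pattern: the active response script receives the alert from wazuh-execd on stdin, pulls out the source IP, asks a reputation API about it, and writes the answer back as a JSON line that Wazuh ingests as a new event. The script below is an added example of that pattern, not code from this repository. The reputation table (a constructed stand-in for the vendor APIs), the `build_message` helper, the `ar-<provider>-iplookup` integration name, and the assumption that a custom rule on `active-responses.log` turns the emitted line into an alert are all mine; it also assumes the command is configured without a timeout, so the stateful check_keys handshake is not needed.

```python
"""Wazuh active response script: look up the alert's source IP against a
reputation source and write the verdict back as a JSON event line.

Added example for this README, not the repository's own code. It follows the
wazuh-execd stdin protocol (Wazuh 4.x: one JSON message per run carrying
"command" and "parameters.alert") and assumes the command has no timeout,
so the stateful check_keys handshake is not needed.
"""
import ipaddress
import json
import sys
import time

# Constructed stand-in for a vendor reputation API (CrowdSec, AlienVault OTX,
# AbuseIPDB). The real scripts call the vendor's HTTP API with an API key; this
# table keeps the example runnable offline. Addresses are RFC 5737 TEST-NET.
FAKE_REPUTATION = {
    "203.0.113.7": {"malicious": True, "score": 100, "tags": ["ssh-bruteforce"]},
    "198.51.100.9": {"malicious": False, "score": 0, "tags": []},
}

# Assumed: Wazuh already tails this file (default localfile on the manager) and
# a custom rule matching the "integration" field turns each line into an alert.
OUTPUT_LOG = "/var/ossec/logs/active-responses.log"

# Addresses that never warrant an API call: looking them up is useless and
# leaks internal addressing to a third party. ip.is_global does the same job
# in production, but Python also classes the TEST-NET sample addresses above
# as non-global, so an explicit list is used here.
SKIP_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4", "::1/128", "fc00::/7", "fe80::/10",
)]


def extract_src_ip(alert):
    """Return the alert's data.srcip as an ipaddress object, or None.

    This validation is the script's security control: srcip comes from the
    event that fired the rule, so it must never reach a URL, query string
    or shell command unchecked.
    """
    raw = alert.get("data", {}).get("srcip")
    if not isinstance(raw, str):
        return None
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        return None


def lookup_reputation(ip, provider="stub"):
    """Query the reputation source for an IP. Only the constructed "stub"
    provider exists here; a real provider would issue the HTTP request and
    normalise the vendor response to this same dict shape."""
    if provider != "stub":
        raise NotImplementedError(f"provider {provider!r} is not wired up")
    return FAKE_REPUTATION.get(str(ip), {"malicious": False, "score": 0, "tags": []})


def handle_message(raw_message, provider="stub", now=None):
    """Process one execd message; return the event dict, or None when nothing
    should be emitted (not an "add", bad JSON, missing/invalid/internal IP)."""
    try:
        msg = json.loads(raw_message)
    except json.JSONDecodeError:
        return None
    # "delete" only follows timed-out stateful commands; nothing to do then.
    if not isinstance(msg, dict) or msg.get("command") != "add":
        return None
    alert = msg.get("parameters", {}).get("alert", {})
    ip = extract_src_ip(alert)
    if ip is None or any(ip in net for net in SKIP_NETWORKS):
        return None
    verdict = lookup_reputation(ip, provider)
    return {
        "timestamp": now or time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "integration": f"ar-{provider}-iplookup",
        "srcip": str(ip),
        "source_rule_id": alert.get("rule", {}).get("id"),
        "source_agent": alert.get("agent", {}).get("name"),
        "malicious": verdict["malicious"],
        "score": verdict["score"],
        "tags": verdict["tags"],
    }


def build_message(srcip, command="add", rule_id="5763"):
    """Constructed execd message in the Wazuh 4.x shape, for offline testing."""
    return json.dumps({
        "version": 1,
        "origin": {"name": "node01", "module": "wazuh-execd"},
        "command": command,
        "parameters": {
            "extra_args": [],
            "alert": {"rule": {"id": rule_id}, "agent": {"name": "web01"},
                      "data": {"srcip": srcip}},
            "program": "/var/ossec/active-response/bin/iplookup.py",
        },
    })


def main():
    event = handle_message(sys.stdin.readline())
    if event is not None:
        with open(OUTPUT_LOG, "a") as fh:
            fh.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    main()
```

Installed under `/var/ossec/active-response/bin/` and referenced from a `<command>`/`<active-response>` pair in ossec.conf, the script receives one message per matching alert; the parts that matter when swapping in a real provider are keeping the IP validation before the value is put into a request, and skipping internal addresses so the lookup does not disclose them.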

telegram: