-
Notifications
You must be signed in to change notification settings - Fork 30
Coverage on 4.3
Dámaris edited this page Sep 17, 2021
·
3 revisions
Wazuh-QA provides a great set of tests for many Wazuh modules.
| Capabilities | Covered |
|---|---|
| Active Response | ✔️ |
| Agents connection service | ❌ |
| Agent key polling | ✔️ |
| Agents Labels | ✔️ |
| Agents Anti-flooding system | ❌ |
| Agentless monitoring | ❌ |
| Agents Registration service (Authd) | ✔️ |
| Analysis engine (Analysisd) | ✔️ |
| Certificate Deployment | ❌ |
| Cloud Security - Amazon AWS | ❌ |
| Cloud Security - Azure | ❌ |
| Cloud Security - Google GCP | ✔️ |
| Cluster | ✔️ |
| Command Execution | ❌ |
| Command Monitoring | ✔️ |
| Compliance | ❌ |
| Configuration assesment (SCA) | ❌ |
| Configuration emails alerts | ❌ |
| Configure database output | ❌ |
| Containers Security | ❌ |
| Creation of Packages | ❌ |
| Deployment | ❌ |
| Elasticsearch tuning | ❌ |
| FIM | ✔️ |
| csyslogd | ❌ |
| fluentd | ❌ |
| Generating automatic reports | ❌ |
| Installation | ❌ |
| Integration Daemon | ❌ |
| Integration with external APIs | ❌ |
| LogCollector | ✔️ |
| Logtest | ✔️ |
| Mitre ATT&CK | ✔️ |
| Osquery | ❌ |
| Regulatory Compliance | ❌ |
| Remoted | ✔️ |
| RESTful API | ✔️ |
| Rootkits Detection + CISC-SAT | ❌ |
| Rootkits Detection + OpenSCAP | ❌ |
| Rootkits Detection - Rootcheck | ✔️ |
| Rules and Decoders | ❌ |
| Setting Syslog output | ❌ |
| Setting Database output | ❌ |
| Syscheck | ✔️ |
| System Inventory (syscollector) | ❌ |
| Tools | ❌ |
| Upgrade | ✔️ |
| Uninstall | ❌ |
| Using Wazuh to monitor Office365 | ✔️ |
| Using Wazuh to monitor Github | ✔️ |
| Vulnerability Detector | ✔️ |
| WazuhDB | ✔️ |
| Wazuh Cloud | ❌ |
Details: Here
| Case | Covered | Note |
|---|---|---|
| Audit | ✔️ | This is a syslog event captured by logcollector. |
| AWS Wodle | ❌ | |
| Brute force | ✔️ | tests/integration/test_api/test_config/test_bruteforce_blocking_system |
| Docker | ❌ | |
| Emotet | ❌ | |
| FIM | ✔️ | |
| IP Reputation | ❌ | Even though it's not using IP Reputation tables, the test uses firewall_drop.sh to block an offending ip (as it can be seen in the image. |
| Netcat | ✔️ | |
| Osquery | ❌ | |
| Shellshock | ❌ | |
| SQL Injection | ❌ | |
| Slack | ❌ | |
| Suricata | ❌ | |
| Trojan | ✔️ | |
| Virustotal | ❌ | |
| Vulnerability Detector | ✔️ | |
| Yara | ❌ | |
| Windows Defender | ✔️ | This is a windows event captured by logcollector from WindowsDefender/Operational Channel. This test, checks that logs come in valid formats including windows format. |
Details: Here