- Supplementary repo for Pluralsight Course: OS Analysis With Wazuh
- https://github.com/wazuh/wazuh-ruleset/tree/master/rules
- https://documentation.wazuh.com/4.0/getting-started/components/wazuh_agent.html
- https://github.com/wazuh/wazuh-docker
- https://documentation.wazuh.com/4.0/docker/index.html
- https://documentation.wazuh.com/4.0/installation-guide/wazuh-agent/index.html
- https://www.pluralsight.com/courses/command-control-merlin
- https://localhost:8080/app/wazuh
- https://github.com/wazuh/wazuh-ruleset/tree/v4.0.1/decoders
os-analysis-with-wazuh/docker-compose.yml
Lines 21 to 25 in 1bfcc3e
- https://documentation.wazuh.com/3.7/docker/container-usage.html#mount-custom-wazuh-configuration-files
- https://documentation.wazuh.com/4.0/user-manual/ruleset/rules-classification.html
- (https://documentation.wazuh.com/4.0/user-manual/reference/ossec-conf/active-response.html#location)
- https://github.com/zachroofsec/os-analysis-with-wazuh/blob/master/victim-container/misc/deny-invisible-process/deny-invisible-process.py
- https://github.com/zachroofsec/os-analysis-with-wazuh/blob/master/victim-container/misc/quarantine/quarantine.py
- https://zachroofsec.com
- https://wazuh.com/blog/emotet-malware-detection/
- https://wazuh.com/blog/monitoring-root-actions-on-linux-using-auditd-and-wazuh/
- https://github.com/wazuh/wazuh/wiki/Proof-of-concept-guide
- https://wazuh.com/blog/using-wazuh-for-windows-vulnerability-detection/
- https://attack.mitre.org/techniques/T1574/
- https://www.elastic.co/guide/en/kibana/7.9/introduction.html
- https://opendistro.github.io/for-elasticsearch-docs/