Wazuh Proof of Concept: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (7 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
| + | =Vorbereitung beim Nutzen eines Debian Systems= | ||
| + | *sudo apt install iptables | ||
| + | *sudo update-alternatives --set iptables /usr/sbin/iptables-nft | ||
| + | *sudo iptables -L | ||
| + | |||
| + | |||
| + | |||
| + | =Proof of Concept= | ||
*[https://documentation.wazuh.com/current/proof-of-concept-guide/block-malicious-actor-ip-reputation.html Blocking a known malicious actor] | *[https://documentation.wazuh.com/current/proof-of-concept-guide/block-malicious-actor-ip-reputation.html Blocking a known malicious actor] | ||
*[https://documentation.wazuh.com/current/proof-of-concept-guide/poc-file-integrity-monitoring.html File integrity monitoring] | *[https://documentation.wazuh.com/current/proof-of-concept-guide/poc-file-integrity-monitoring.html File integrity monitoring] | ||
| Zeile 4: | Zeile 12: | ||
*[https://documentation.wazuh.com/current/proof-of-concept-guide/monitoring-docker.html Monitoring Docker events] | *[https://documentation.wazuh.com/current/proof-of-concept-guide/monitoring-docker.html Monitoring Docker events] | ||
*[https://documentation.wazuh.com/current/proof-of-concept-guide/detect-unauthorized-processes-netcat.html Detecting unauthorized processes] | *[https://documentation.wazuh.com/current/proof-of-concept-guide/detect-unauthorized-processes-netcat.html Detecting unauthorized processes] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/integrate-network-ids-suricata.html Network IDS integration] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/detect-web-attack-sql-injection.html Detecting an SQL injection attack] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/poc-detect-trojan.html Detecting suspicious binaries] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/detect-remove-malware-virustotal.html Detecting and removing malware using VirusTotal integration] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/detect-web-attack-shellshock.html Detecting a Shellshock attack] | ||
| + | *[https://documentation.wazuh.com/current/proof-of-concept-guide/poc-vulnerability-detection.html Vulnerability detection] | ||
| + | =Source= | ||
| + | *https://documentation.wazuh.com/current/proof-of-concept-guide/index.html | ||
Aktuelle Version vom 13. März 2025, 06:52 Uhr
Vorbereitung beim Nutzen eines Debian Systems
- sudo apt install iptables
- sudo update-alternatives --set iptables /usr/sbin/iptables-nft
- sudo iptables -L
Proof of Concept
- Blocking a known malicious actor
- File integrity monitoring
- Detecting a brute-force attack
- Monitoring Docker events
- Detecting unauthorized processes
- Network IDS integration
- Detecting an SQL injection attack
- Detecting suspicious binaries
- Detecting and removing malware using VirusTotal integration
- Detecting a Shellshock attack
- Vulnerability detection