
Wazuh and Windows Sysinternals - Integrations
Wazuh and Windows Sysinternals.
Open-Source based end-point detection using WAZUH HIDS.
Sysmon events enriched with Mitre TTPs
Aurora Networks Blog. Open-Source Solutions and SaaS.
Wazuh and Domain Stats Integration.
New, first seen or suspicious domains checked against AlienVault OTX IoCs via Wazuh’s Active Response.
Applying a software/application policy using Wazuh and Sysinternals.
Detection mode: events where a process is started but is not part of the software policy will generate an alert.
Prevention mode: events where a process is started but is not part of the software policy will be suspended.
Wazuh and Chainsaw integration to run forensic analysis.
Use Chainsaw to collect past artifacts still present in the WinEvtLogs and take Chainsaw’s output to the Wazuh manager.
Apply DFIR at any given time.
In this integration we'll use Snyk’s CLI to scan for vulnerabilities in the Docker images and all their dependencies.
Wodle Command configured to run periodic security scans in all Docker images used in the host.