OS Analysis with Wazuh

Want to learn how to detect process-level and file-level attacks? How about automatically blocking data exfiltration over a C2 channel? If so, you're in the right place! In this course you will learn OS Analysis using Wazuh.
Course info
Level
Intermediate
Updated
Dec 21, 2020
Duration
36m
Description

Detecting process-level and file-level attacks can be challenging. Additionally, many tools are "alert factories" that lack the ability to remediate in-progress attacks. Luckily, Wazuh solves these problems! In this course, OS Analysis with Wazuh, you'll learn how to use Wazuh to respond to data exfiltration in an enterprise environment. First, you'll create a rule to detect malicious filesystem operations. Next, you'll uncover a rootkit through Wazuh by using a Python script. Finally, you'll leverage Wazuh's Active Response functionality to automatically quarantine the host (and prevent it from exfiltrating data). Throughout the course, you will simulate all attacks through Merlin (a popular C2 framework) so that the scenarios emulate real-world conditions (no prior Merlin experience is needed). When you're finished with this course, you'll have the skills and knowledge to detect these techniques: Scheduled Task/Job (T1053), Hijack Execution Flow (T1574), and Exfiltration Over C2 Channel (T1041).

About the author

Zach’s curiosity has led him to roles in Software Development, DevOps, and Security. By drawing on these fields, Zach’s goal is to empower learners with a unique, cross-discipline skill set.

More from the author
Command and Control with Merlin
Intermediate
27m
Dec 21, 2020
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and to this cybersecurity tools course, featuring Wazuh, the popular open‑source OS analysis tool developed and maintained by Santiago Bassett and the Wazuh team. With advancements in adversarial techniques, systems can go from signs of initial compromise to full‑scale compromise in a matter of minutes. As a blue teamer, you need to automate defenses to contain widespread compromise. In this course, you'll leverage Wazuh's active response functionality to automatically quarantine a host and prevent data exfiltration. As many attacks can originate within the file system, you'll leverage Wazuh's file integrity monitoring, or FIM, as a basis for your automated defenses. Even better, you'll simulate your defenses against Merlin, a popular command and control framework. If you're a blue teamer looking to defend against host‑based attacks or a red teamer looking to exploit modern defense patterns, come join me, and get up and running with Wazuh today.