wazuh_info_collection

Collection of tools, rules and other things for Wazuh

Post any suggestions in Issues, I will check it and add it here ;)

Sources:

• Official documentation (https://documentation.wazuh.com/current/index.html)
• Official blog (https://wazuh.com/blog/)
• Official GitHub page (https://github.com/wazuh)
• Official Slack channel with online support (https://join.slack.com/t/wazuh/shared_invite/zt-1gcav2l82-ti8yjw709bIHQ04K8WiziA)
• Official Wauzh LinkedIn page 9https://www.linkedin.com/company/wazuh)
• Official YouTube channel of Taylor Walton (OpenSecure/SOCFortress) (https://www.youtube.com/channel/UC4EUQtTxeC8wGrKRafI6pZg)
• Official blog channel of Taylor Walton (https://socfortress.medium.com)
• Official Discord server of SOCFortress (https://discord.com/invite/MzkFP9yE9V)

Useful posts:

• Wazuh Alerts in Telegram (https://medium.com/@jesusjimsa_12801/integrating-telegram-with-wazuh-4d8db91025f)
• DNS TELEMETRY IN LINUX WITH PACKETBEAT (https://github.com/juaromu/wazuh-linux-dns-telemetry)
• Azure Blob storage as snapshots repository for Wazuh Indexer Data (https://medium.com/@karkoubelwali/azure-blob-storage-as-snapshots-repository-for-wazuh-indexer-data-623799091705)
• SIEM MONITORING using Wazuh (https://cyberspades.medium.com/siem-monitoring-using-wazuh-17cce55b2752)
• Using Wazuh and Heartbeat to monitor SSL/TLS certificates (https://systemweakness.com/using-wazuh-and-heartbeat-to-monitor-ssl-tls-certificates-fdb0dd5b2893)

Useful tools:

• Sigma to Wazuh rules converter (https://github.com/theflakes/sigma_to_wazuh)
• Another Sigma to Wazuh rules converter (https://github.com/SanWieb/sigWah)
• Sysmon config from Ion Storm (https://github.com/ion-storm/sysmon-config)
• Repo of Sysmon configuration modules (https://github.com/olafhartong/sysmon-modular)
• Neo23x0 Sysmon config (https://github.com/Neo23x0/sysmon-config)
• WAZUH AND NMAP FOR NETWORK SCAN (https://github.com/juaromu/wazuh-nmap)
• WAZUH - OPRNCTI INTEGRATION FOR THREAT INTEL (https://github.com/juaromu/wazuh-opencti)
• WAZUH - MISP INTEGRATION FOR THREAT INTEL (https://github.com/juaromu/wazuh-misp)
• Windows Inventory to Wazuh script (https://github.com/juaromu/wazuh-windows_agent-inventory)
• SYSMON FOR LINUX AND WAZUH AGENT (https://github.com/juaromu/wazuh-sysmon-for-linux)
• FIND log4j VULNERABLE SOFTWARE USING WAZUH (https://github.com/juaromu/wazuh-log4j)
• Wazuh and Snyk (snyk.io) integration to scan Docker image vulnerabilities (https://github.com/juaromu/wazuh-snyk)
• WAZUH AND SYSINTERNALS (https://github.com/juaromu/wazuh)
• WINDOWS SOFTWARE POLICY USING WAZUH AND SYSINTERNALS (https://github.com/juaromu/wazuh-windows-software-policy)
• WAZUH AND DOMAIN STATS + ALIENVAULT OTX (https://github.com/juaromu/wazuh-domain-stats-alienvault)
• Wazuh + Yara + Loki scan (https://github.com/juaromu/wazuh-yara)

Rules examples:

• Advanced Wazuh Rules from SOCFortress (https://github.com/socfortress/Wazuh-Rules)
• OFFICE 365 - MITRE ENRICHED EVENTS USING WAZUH DETECTION RULES (https://github.com/juaromu/wazuh-office365-mitre)

Updates:

• Added auditd rules - thx to sm0ke87 (https://github.com/sm0ke87)
• Added Opensearch plugin alerting - thx to sm0ke87 (https://github.com/sm0ke87)
• Added Wazuh rules based on Ion Storm Sysmon config - thx to sm0ke87 (https://github.com/sm0ke87)
• Added files for Telegram Notifications