Video Activity

10.2 Wazuh/OSSEC Functionality

Video Transcript

Now, we touched on Wazuh, or OSSEC, in an earlier lesson, so we won't cover it too extensively here. But let's at least talk a bit more about its functionality. Wazuh is used as a host intrusion detection system that can be configured to alert or block on certain things. It can alert on such things as checksum integrity being changed, users logging in or failing to log in, rootkits, and other such things. Wazuh can be installed on most major operating systems, and Security Onion can gather the logs from up to 14,000 endpoints.

The value of using Wazuh is that it gives visibility into what's actually happening on your endpoints. Network traffic is all fine and dandy, but if you really want to know what's happening on a computer, you need local logs. Wazuh can give you those logs and can alert on specific things. It's potentially pretty powerful if deployed properly. Now, I've stumbled upon unauthorized network scans just by looking at Wazuh logs, so I'd recommend looking more into it if you are interested in it.
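As an added illustration (not part of the course and not Wazuh's own code), here is a small Python sketch of the two kinds of checks the lesson names: checksum integrity monitoring against a stored baseline, and alerting on failed logins, run over constructed sshd log lines with a constructed per-source threshold.

```python
# Added illustration of Wazuh/OSSEC-style host checks in plain Python.
# Not Wazuh's code; the sshd log lines below are constructed samples.
import hashlib
import re
from collections import Counter
from pathlib import Path

# Constructed sshd lines standing in for a real /var/log/auth.log.
SAMPLE_LOG = [
    "Mar  1 10:00:01 host sshd[1]: Accepted password for alice from 10.0.0.5 port 5000 ssh2",
    "Mar  1 10:00:05 host sshd[2]: Failed password for root from 203.0.113.9 port 5001 ssh2",
    "Mar  1 10:00:06 host sshd[3]: Failed password for invalid user admin from 203.0.113.9 port 5002 ssh2",
    "Mar  1 10:00:07 host sshd[4]: Failed password for root from 203.0.113.9 port 5003 ssh2",
]
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def snapshot(paths):
    """Baseline of SHA-256 checksums, like the database a FIM agent keeps."""
    return {str(p): hashlib.sha256(Path(p).read_bytes()).hexdigest() for p in paths}


def integrity_alerts(baseline, current):
    """Compare a fresh snapshot with the baseline: one alert per changed,
    deleted or added file. Both arguments are {path: hexdigest} dicts."""
    alerts = []
    for path, digest in baseline.items():
        if path not in current:
            alerts.append(f"integrity: {path} deleted")
        elif current[path] != digest:
            alerts.append(f"integrity: {path} checksum changed")
    for path in current.keys() - baseline.keys():
        alerts.append(f"integrity: {path} added")
    return sorted(alerts)


def failed_login_alerts(lines, threshold=3):
    """Alert on each failed login and escalate once a single source address
    reaches `threshold` failures (the composite-rule idea a HIDS uses)."""
    alerts, per_source = [], Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed login; successful logins are ignored here
        user, src = m.groups()
        per_source[src] += 1
        alerts.append(f"auth: failed login for {user} from {src}")
        if per_source[src] == threshold:
            alerts.append(f"auth: {threshold} failures from {src}, possible brute force")
    return alerts
```

Run `snapshot()` once on the directories you care about, store the result, and diff later snapshots with `integrity_alerts()`; feed `failed_login_alerts()` the auth log lines as they arrive.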

Course link:
Security Onion
Security Onion is an open-source Network Security Monitoring and log management Linux Distribution. In this Security Onion course, you will explore the history, components, and architecture of the distro to improve your networking skills. Learn how to install and deploy server architectures, as well as how to replay or sniff traffic.
Instructed by
Karl Hansen

Cyber Security Analyst skilled in incident response, and managing Cyber Security Monitoring tools.