Semester project

Group members: Kashuf Javed (215057), Laiba Batool, Ayesha Arif, Hamza Talha

Wazuh:
• Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

Our group tasks:
1) File integrity implementation and visualization.
2) Identify the top 8 Windows Security logs.
3) Windows Security event alert.
4) VirusTotal scan of files.
5) Implementation of the given policy.

First we will take a look at file integrity monitoring
• The Wazuh File Integrity Monitoring (FIM) module is a component of the Wazuh agent that monitors an endpoint filesystem and generates alerts when files are changed. The Wazuh FIM module stores the cryptographic checksum and other attributes of the monitored asset to detect when there is a change in those values.

1) First we go to the Wazuh agent manager and click on view config.
2) Then we add the path of the file that is to be monitored in the Wazuh manager.
3) Then we go to our drive and make some changes in it.
4) We create a file named Kashuf and add text to it.
5) Then we go to our Wazuh server and check whether the server has detected the change or not.

• In this way, we can see that the server has observed the changes to the files, which include the addition of the wazuh file and the change to the 123 file.
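
The checksum-and-attribute comparison that the FIM description above relies on, as an added example that is not part of the original slides and is not Wazuh's own code: a stored baseline of SHA-256, size and mode per file is compared with a later scan. The file names `Kashuf.txt` and `123.txt`, the helper names and the choice of attributes are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

FIELDS = ("sha256", "size", "mode")  # attributes kept per file (illustrative subset)

def snapshot(root):
    """Return {relative_path: (sha256, size, mode)} for every file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (digest, st.st_size, st.st_mode)
    return state

def diff(baseline, current):
    """Compare two snapshots and return (event, path, changed_fields) tuples."""
    events = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            events.append(("added", path, []))
        elif path not in current:
            events.append(("deleted", path, []))
        elif baseline[path] != current[path]:
            changed = [f for f, old, new
                       in zip(FIELDS, baseline[path], current[path]) if old != new]
            events.append(("modified", path, changed))
    return events

def demo():
    """Replay the walkthrough in a temp directory (constructed sample files)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "123.txt"), "w") as fh:
            fh.write("original text")
        baseline = snapshot(root)  # what the monitor remembers
        with open(os.path.join(root, "Kashuf.txt"), "w") as fh:  # new file
            fh.write("some text")
        with open(os.path.join(root, "123.txt"), "a") as fh:  # edited file
            fh.write(" plus an edit")
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    for event in demo():
        print(event)
```

Each tuple corresponds to one alert the server would be expected to show: an "added" event for the new file and a "modified" event listing which stored values no longer match.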