Uploaded by Raza Ali Khan

CN SEMESTER PROJECT (1)

Semester project
Group members:
Kashuf Javed (215057)
Laiba Batool
Ayesha Arif
Hamza
Talha
Wazuh:
• Wazuh is an enterprise-ready platform used for security monitoring. It is a
free and open-source platform that is used for threat detection, incident
response and compliance, and integrity monitoring. Wazuh is capable of
protecting workloads across virtualized, on-premises, containerized, and
cloud-based environments.
Our group tasks:
1) File Integrity Implementation and visualization.
2) Identify Top 8 Windows Security logs.
3) Windows Security Event Alert.
4) VirusTotal Scan of files.
5) Implementation of given policy.
First, we will take a look at file integrity monitoring
• The Wazuh File Integrity Monitoring (FIM) module is a component of
the Wazuh agent that monitors an endpoint filesystem and generates alerts
when files are changed. The Wazuh FIM module stores the cryptographic
checksum and other attributes of the monitored asset to detect when
there is a change in those values.
First, we go to the Wazuh agent manager and click on View Config.
Then we add the path of the file to be monitored in the Wazuh manager.
Then we go to our drive and make some changes in it.
We create a file named Kashuf and add text in it.
Then we go to our Wazuh server and check whether the server has detected the change or not.
• In this way, we can see that the server has observed the changes in the files, which include the addition of the wazuh file and the change in the 123 file.
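The detection principle behind these steps, as an added example that is not part of the original slides and is not Wazuh's own code: a baseline of checksum and attributes is stored per file, and a later scan is compared against it. The temporary directory and the file contents are constructed for the demonstration; the file names Kashuf and 123 follow the steps above.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file under root to (sha256, size, mode): the stored baseline."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (digest, st.st_size, st.st_mode)
    return state


def compare(baseline, current):
    """Return sorted (event, path) tuples describing what changed between scans."""
    events = []
    for path in current.keys() - baseline.keys():
        events.append(("added", path))
    for path in baseline.keys() - current.keys():
        events.append(("deleted", path))
    for path in baseline.keys() & current.keys():
        # Any difference in checksum or attributes counts as a modification.
        if baseline[path] != current[path]:
            events.append(("modified", path))
    return sorted(events)


def demo():
    """Replay the steps above in a throwaway directory (constructed data)."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "123"), "w") as fh:
            fh.write("original text\n")
        baseline = snapshot(root)              # first scan of the monitored path
        with open(os.path.join(root, "Kashuf"), "w") as fh:
            fh.write("some text\n")            # a new file is created
        with open(os.path.join(root, "123"), "a") as fh:
            fh.write("edited\n")               # an existing file is changed
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for event, path in demo():
        print(f"{event}: {path}")
```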