Wazuh Alerts – Hierarchy and Custom Rules

Wazuh provides an extremely valuable view into the security health of your systems. However, there are times when the default, out-of-the-box rules don’t work well for you. There’s a nice tutorial on custom rules in the Wazuh documentation; however, the hierarchical nature of these rules wasn’t immediately clear to me. As a consequence, when …

Different Logging Approaches

There are many common approaches to logging. However, since my home environment is running SecurityOnion (SO), I’m going to focus on three common ones and show how to do an end-to-end configuration with SO. If you’re curious about Filebeat, I’ve already written about it here. Fluentd: Fluentd is extremely popular, while providing many options and …