From the course: Security Onion


Wazuh/OSSEC functionality

- [Instructor] Now, we've touched on Wazuh, or OSSEC, in an earlier lesson, so we won't cover it too extensively here, but let's at least talk a bit more about its functionality. Wazuh is used as a host intrusion detection system that can be configured to alert or block on certain things. Now, it can alert on such things as checksum integrity being changed, users logging in or failing to log in, rootkits and other such things. Wazuh can be installed on most major operating systems, and Security Onion can gather the logs from up to 14,000 endpoints. The value of using Wazuh is that it gives visibility into what's actually happening on your endpoints. Network traffic is all fine and dandy, but if you really want to know what's happening on a computer, you need local logs. Wazuh can give you those logs and can alert on specific things. It's potentially pretty powerful if deployed properly. Now, I've stumbled upon unauthorized network scans just by looking at Wazuh logs, so I'd recommend…
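As an added illustration of the checksum-integrity alerting the instructor mentions (this is example configuration, not part of the course or of Security Onion's shipped defaults), here is a minimal Wazuh agent `syscheck` block for file integrity monitoring together with a local rule that raises the alert level when a critical file changes. The directory list, frequency and the rule id `100002` are assumed values chosen for the example; rule `550` is the stock Wazuh/OSSEC "integrity checksum changed" rule it builds on.

```xml
<!-- Agent side: /var/ossec/etc/ossec.conf (example fragment, not the course's own) -->
<ossec_config>
  <syscheck>
    <!-- Full scan interval in seconds (12 hours); assumed value -->
    <frequency>43200</frequency>
    <!-- Watch these directories in real time and record every checksum/attribute change -->
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
    <!-- Files that legitimately churn and would only generate noise -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
  </syscheck>
</ossec_config>

<!-- Manager side: /var/ossec/etc/rules/local_rules.xml (example, id 100002 is assumed) -->
<group name="syscheck,local,">
  <!-- Escalate the stock "integrity checksum changed" event (rule 550)
       when the changed file is the local account database -->
  <rule id="100002" level="12">
    <if_sid>550</if_sid>
    <match>/etc/passwd|/etc/shadow</match>
    <description>Critical account file modified on endpoint</description>
  </rule>
</group>
```

After restarting the agent and manager, a change to `/etc/shadow` surfaces as a level-12 alert rather than the default level-7 checksum event, which is what lets you triage it ahead of routine package updates.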