About Pedro S

So far Pedro S has created 2 blog entries.

Automatically deploying OSSEC to Windows using Wazuh API

In some environments the hardest part of the deployment process is the installation of OSSEC on Windows endpoints. Wazuh has created a tool to install, register and connect Windows agents using the capabilities of the RESTful API combined with a PowerShell script.

Prerequisites

  • Wazuh HIDS v2.0+
  • Wazuh RESTful API v2.0+
  • PowerShell v2.0+ (built into Windows Server 2008 R2 or later)

Process explanation

The PowerShell script covers two different processes in order to deploy an agent.

The first one is the installation. The script runs the agent installer; once it completes, OSSEC is installed by default in the C:\ossec-agent\ folder.

The second one is registering the agent, […]

By |May 6th, 2016|1 Comment

File Integrity Monitoring and Wazuh RESTful API

The goal of this article is to explain how to set up a basic configuration of FIM (File Integrity Monitoring) using the syscheck component in OSSEC. After that, we will check the files being monitored using the Wazuh RESTful API.

Prerequisites

  • Wazuh HIDS v1.1
  • Wazuh RESTful API v1.2

Configure FIM in a Windows Agent

The syscheck daemon is the main process used for FIM in OSSEC. However, we will need to change some options in order to configure it.

On the OSSEC agent (your Windows host), open the file ossec.conf, usually situated in the default installation folder C:\Program Files (x86)\ossec-agent, look for the section, then add the files […]

By |April 15th, 2016|1 Comment