DevOps
  • 🖌️Getting started
  • INTRODUCTION
    • System Architecture
  • SHIP
    • GitHub
    • Ansible
    • Tunnel
    • Load Balancing
    • Jenkins
    • Debugging
  • How to
  • Improvements
    • Infrastructure
      • Terraform
    • Security
      • Blue team
  • Application
  • Sources
  • Useful
    • How to use grep
    • Blog
Powered by GitBook
On this page

Was this helpful?

  1. Improvements
  2. Security

Blue team

Blue team security

PreviousSecurityNextApplication

Last updated 1 year ago

Was this helpful?

SOC ( Security Operations Center )

Tools

WAZUH

--> wazuh agent installed on systems

Log collector
Command execution

File integrity monitoring (FIM)

Security configuration assessment (SCA)

System inventory

Malware detection

Active response

Container security

Cloud security

--> Centralizeed server for Wazuh server:

The Wazuh server analyzes the data received from the Wazuh agents, triggering alerts when threats or anomalies are detected. It is also used to remotely manage the agents' configuration and monitor their status

--> Wazuh Dashboard, web interface for mining, analyzing, and visualizing security data

-->

This central component is a flexible and intuitive web interface for mining, analyzing, and visualizing security data. It provides out-of-the-box dashboards, allowing you to seamlessly navigate through the user interface.

With the Wazuh dashboard, users can visualize security events, detected vulnerabilities, file integrity monitoring data, configuration assessment results, cloud infrastructure monitoring events, and regulatory compliance standards.

https://wazuh.com/install/
https://documentation.wazuh.com/current/installation-guide/wazuh-server/index.html
https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/index.html