Blue team

Blue team security

SOC (Security Operations Center)

Tools

WAZUH

--> https://wazuh.com/install/ The Wazuh agent is installed on the endpoints to be monitored (servers, workstations, containers, cloud instances) and forwards data to the Wazuh server. Agent capabilities:

Log collector (reads OS and application logs and ships them to the server)

Command execution (runs configured commands on a schedule and reports their output)

File integrity monitoring (FIM): detects changes to file content, permissions and ownership in monitored directories

Security configuration assessment (SCA): checks system configuration against hardening benchmarks such as CIS

System inventory (hardware, OS, installed packages, open ports, running processes)

Malware detection (rootkit checks, anomaly detection, file hashes compared against threat intelligence)

Active response (automated actions triggered by alerts, e.g. blocking a source IP in the host firewall)

Container security (Docker runtime and container monitoring)

Cloud security (ingesting and analyzing AWS, Azure and GCP service logs)
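To make the FIM capability concrete, here is an added example (my own code, not part of the Wazuh agent or these notes) of the core logic behind a syscheck-style scan: build a baseline of file digests and metadata, rescan, and emit added/deleted/modified events. The "/etc"-like tree and the tampering applied to it are constructed inside a temporary directory so the script runs offline; the field names in the emitted events are my own and only loosely mirror the agent's output.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path, algo="sha256"):
    """Stream the file so large binaries do not get loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Walk `root` and record digest, size and permission bits of every regular file.

    Symlinks are skipped on purpose: following them would let an attacker
    point a monitored path at arbitrary content outside the tree.
    """
    root = Path(root)
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[str(p.relative_to(root))] = {
                "sha256": file_digest(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o7777),
            }
    return baseline


def diff_baseline(old, new):
    """Compare two scans and return events in the spirit of syscheck alerts."""
    events = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            events.append({"event": "added", "path": path})
        elif path not in new:
            events.append({"event": "deleted", "path": path})
        else:
            changed = [k for k in ("sha256", "size", "mode")
                       if old[path][k] != new[path][k]]
            if changed:
                events.append({"event": "modified", "path": path,
                               "changed": changed})
    return events


def demo():
    """Constructed scenario: a fake /etc tree, scanned before and after tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "sudoers").write_text("root ALL=(ALL) ALL\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")
        before = build_baseline(root)

        # Simulated post-compromise changes: privilege grant, log tampering,
        # and a preload-based persistence mechanism.
        (root / "sudoers").write_text(
            "root ALL=(ALL) ALL\nwww-data ALL=(ALL) NOPASSWD: ALL\n")
        (root / "hosts").unlink()
        (root / "ld.so.preload").write_text("/tmp/evil.so\n")
        after = build_baseline(root)
        return diff_baseline(before, after)


if __name__ == "__main__":
    for ev in demo():
        print(ev)
```

In a real deployment the agent does this work itself once the directories are listed in the `<syscheck>` section of its `ossec.conf`; the script above is only meant to show what "integrity monitoring" computes and why the baseline must be stored somewhere the monitored host cannot rewrite (the agent sends it to the server rather than trusting local state).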

--> Centralized Wazuh server, which receives data from all agents: https://documentation.wazuh.com/current/installation-guide/wazuh-server/index.html

The Wazuh server analyzes the data received from the Wazuh agents and triggers alerts when threats or anomalies are detected. It is also used to remotely manage the agents' configuration and to monitor their status.
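Alerts raised by the server are written one JSON object per line (on a default install, under /var/ossec/logs/alerts/). The following is an added example, written for these notes and not taken from Wazuh, of the kind of triage script an analyst runs over that file: parse it defensively, pull out high-severity alerts, re-derive the SSH brute-force signal from the individual failed-login events, and list FIM changes. The sample alerts are constructed; their rule IDs and descriptions are meant to resemble the stock ruleset but should be treated as illustrative, and the hostnames, IPs and timestamps are invented.

```python
import json
import re
from collections import Counter

# Constructed sample approximating the layout of alerts.json
# (one JSON object per line). The last line is deliberately malformed.
SAMPLE_ALERTS = "\n".join([
    '{"timestamp":"2024-05-01T10:00:01.000+0000","rule":{"level":5,"id":"5716","description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01"},"full_log":"May  1 10:00:01 web-01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2"}',
    '{"timestamp":"2024-05-01T10:00:02.000+0000","rule":{"level":5,"id":"5716","description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01"},"full_log":"May  1 10:00:02 web-01 sshd[2203]: Failed password for root from 203.0.113.5 port 4423 ssh2"}',
    '{"timestamp":"2024-05-01T10:00:03.000+0000","rule":{"level":5,"id":"5716","description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01"},"full_log":"May  1 10:00:03 web-01 sshd[2205]: Failed password for root from 203.0.113.5 port 4424 ssh2"}',
    '{"timestamp":"2024-05-01T10:00:04.000+0000","rule":{"level":5,"id":"5716","description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01"},"full_log":"May  1 10:00:04 web-01 sshd[2207]: Failed password for invalid user oracle from 203.0.113.5 port 4425 ssh2"}',
    '{"timestamp":"2024-05-01T10:00:05.000+0000","rule":{"level":5,"id":"5716","description":"sshd: authentication failed.","groups":["syslog","sshd","authentication_failed"]},"agent":{"id":"001","name":"web-01"},"full_log":"May  1 10:00:05 web-01 sshd[2209]: Failed password for alice from 198.51.100.7 port 5100 ssh2"}',
    '{"timestamp":"2024-05-01T10:00:06.000+0000","rule":{"level":10,"id":"5712","description":"sshd: brute force trying to get access to the system.","groups":["syslog","sshd","authentication_failures"]},"agent":{"id":"001","name":"web-01"}}',
    '{"timestamp":"2024-05-01T10:01:00.000+0000","rule":{"level":7,"id":"550","description":"Integrity checksum changed.","groups":["ossec","syscheck"]},"agent":{"id":"002","name":"db-01"},"syscheck":{"path":"/etc/sudoers","event":"modified"}}',
    '{"timestamp":"2024-05-01T10:02:00.000+0000","rule":{"level":3,"id":"5501","description":"PAM: Login session opened.","groups":["pam","syslog","authentication_success"]},"agent":{"id":"002","name":"db-01"}}',
    'this line is not JSON and must be skipped',
])

SRC_IP = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_alerts(text):
    """Parse line-delimited JSON, skipping junk left by rotation or partial writes."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(obj, dict) and "rule" in obj and "agent" in obj:
            alerts.append(obj)
    return alerts


def high_severity(alerts, min_level=7):
    """Alerts at or above min_level, highest level first (Wazuh levels run 0-15)."""
    hits = [a for a in alerts if a["rule"].get("level", 0) >= min_level]
    return sorted(hits, key=lambda a: (-a["rule"]["level"], a["timestamp"]))


def failed_logins_by_source(alerts, threshold=3):
    """Re-derive a brute-force signal from per-event alerts by counting source IPs.

    This is the same kind of frequency correlation the server's composite
    rules perform; doing it here lets an analyst tune the threshold offline.
    """
    counts = Counter()
    for a in alerts:
        if "authentication_failed" not in a["rule"].get("groups", []):
            continue
        m = SRC_IP.search(a.get("full_log", ""))
        if m:
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def fim_changes(alerts):
    """(agent, path, event) for every alert carrying a syscheck block."""
    return [(a["agent"]["name"], a["syscheck"]["path"], a["syscheck"]["event"])
            for a in alerts if "syscheck" in a]


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for a in high_severity(alerts):
        print(a["rule"]["level"], a["agent"]["name"], a["rule"]["description"])
    print(failed_logins_by_source(alerts))
    print(fim_changes(alerts))
```

Note that the script never trusts a line to be well-formed: a single corrupt record in a multi-gigabyte alert file should not stop triage, and a parser that crashes on malformed input is itself a way for an attacker to blind the SOC.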

--> Wazuh Dashboard, web interface for mining, analyzing, and visualizing security data

--> https://documentation.wazuh.com/current/installation-guide/wazuh-dashboard/index.html

This central component is a flexible and intuitive web interface for mining, analyzing, and visualizing security data. It provides out-of-the-box dashboards, allowing you to seamlessly navigate through the user interface.

With the Wazuh dashboard, users can visualize security events, detected vulnerabilities, file integrity monitoring data, configuration assessment results, cloud infrastructure monitoring events, and regulatory compliance standards.
