Skip to content

fusuyfusuy/wazuh_local_rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
local_rules.xml
local_rules.xml
 
 
parse.py
parse.py
 
 
parsed_rules.xml
parsed_rules.xml
 
 
wazuh-sample.xml
wazuh-sample.xml
 
 

Repository files navigation

As a graduation project, we created an EDR system using Sysmon and Wazuh. Creating logs and getting them to Wazuh server were easy. The problem was to generate alerts and mapping logs to MITRE ATT&CK framework. Wazuh needs custom rules to generate alerts.

We parsed and edited the rules to add MITRE ATT&CK mapping.

About

Wazuh rules to add sysmon support

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages