An open-source XDR platform! Installation doesn't look too hard, but I'm not sure whether running and maintaining it on-premises is doable.
Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
Operating systems supported on the endpoint (agent): Linux, Windows, macOS
The Wazuh agent is multi-platform and runs on the endpoints that the user wants to monitor. It communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.
The proof of concept (PoC) chapter also covers how to trigger alerts:
- Detecting suspicious binaries
- File integrity monitoring
- Detecting an SQL injection attack
- Vulnerability detection