From the course: Kali Purple Essential Training
Monitoring an attack with Wazuh - Purple Tutorial
Monitoring an attack with Wazuh
Let's run our workshop attack again, and this time monitor the activity with Wazuh. We're at the Wazuh detection screen with our monitoring set to show 15 minutes of activity and to refresh every 10 seconds. We do have some alerts showing, but these relate to routine activity on app02, which is advised due to the possibility that it may be malicious. At this stage, these are false positive alerts.

We've got our learning.py script running in our Kali attack VM. So let's open a browser tab and check out our attack. http://192.168.1.100/check. And we're asked to enter our offsec, offsec credentials. And we can see the attack is at Stage 0 of 3.

Okay. Let's start the attack. And we'll set the mutex to -2. And then go back and watch the Wazuh screen. The expression -2 means run the attack through to and including Stage 2, which in our case means we'll run the whole attack. We'll wait for a few seconds to let the attack Stage 1 start. Okay. We're starting to see a number of alerts pop up…