Wazuh
When was Wazuh released?
2015
What is the term that Wazuh calls a device that is being monitored for suspicious activity and potential security threats?
Agent
Lastly, what is the term for a device that is responsible for managing these devices?
Manager
How many agents does this Wazuh management server manage?
2
What is the status of the agents managed by this Wazuh management server?
Disconnected
How many "Security Event" alerts have been generated by the agent "AGENT-001"?
Note: You will need to make sure that your time range includes the 11th of March 2022
196
What is the name of the tool that we can use to monitor system events?
sysmon
What standard application on Windows do these system events get recorded to?
event viewer
What is the full file path to the rules located on a Wazuh management server?
/var/ossec/ruleset/rules
What application do we use on Linux to monitor events such as command execution?
auditd
What is the full path & filename for where the aforementioned application stores rules?
/etc/audit/rules.d/audit.rules
What is the name of the standard Linux tool that we can use to make requests to the Wazuh management server?
curl
What HTTP method would we use to retrieve information for a Wazuh management server API?
get
What HTTP method would we use to perform an action on a Wazuh management server API?
put
Use the API console to find the Wazuh server's version.
Note: You will need to add the "v" prefix to the number for this answer. For example, v1.2.3
v4.2.5
Analyse the report. What is the name of the agent that has generated the most alerts?
agent-001