SIEM Monitoring using Wazuh by Francis Jeremiah


Objective: Carry out an API attack on an API of your choice, then implement a SIEM of your choice to show the logs of all events.

Background

This lab was created to simulate an API attack and capture the resulting impact on the server or machine being targeted. The components are Wazuh, Kali Linux and DC-1 (the victim). The vulnerability exploited in this lab is CVE-2018-7600, https://nvd.nist.gov/vuln/detail/CVE-2018-7600. It enables remote code execution and results from insufficient input validation in the Drupal 7 Form API. More information about the API and its weakness can be found here: https://unit42.paloaltonetworks.com/unit42-exploit-wild-drupalgeddon2-analysis-cve-2018-7600/

Implementation

This exercise is built with VMs created in VirtualBox. The components include:

SIEM — Wazuh: SIEMs (Security Information and Event Management systems) are tools used to aggregate and analyze security-related events and incidents. SIEMs generally do the following: Data collection —....
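The point of forwarding the victim's web server logs to the SIEM is that the Drupalgeddon2 request itself is visible in the access log: both public exploit vectors smuggle Form API render-array properties (such as `#post_render` or a `#value` element reference) into the request line. The detector below, an added example that is not code from the article or from Wazuh, shows the matching logic a practitioner would port into a SIEM rule. It assumes Apache "combined" log format; the log lines are constructed for this example and the form build ID in them is a placeholder. One caveat the example also illustrates: access logs do not contain POST bodies, so only indicators carried in the URL (query string or path) can be matched here.

```python
"""Detect CVE-2018-7600 (Drupalgeddon2) attempts in web server access logs.

Added example, not code from the original article or the Wazuh project.
Assumes Apache "combined" log format; SAMPLE_LOG below is constructed.
"""
import re
from urllib.parse import parse_qsl, unquote

# Apache "combined" log format: src ident user [time] "METHOD url PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Form API render-array properties the exploit injects as parameter names.
# A legitimate request never carries these in a parameter name.
RENDER_PROPERTIES = ("#post_render", "#pre_render", "#lazy_builder", "#access_callback")


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def decode_pairs(query):
    """Split a query string and URL-decode each key and value twice,
    because payloads are often double-encoded (%2523 -> %23 -> #)."""
    return [(unquote(k), unquote(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def inspect_request(url):
    """Return the reasons a request URL looks like a Drupalgeddon2 attempt (empty if clean)."""
    # partition() rather than urlsplit(): a raw '#' must not be dropped as a fragment
    path, _, query = url.partition("?")
    path = unquote(unquote(path))
    pairs = decode_pairs(query)
    reasons = []
    for key, value in pairs:
        for prop in RENDER_PROPERTIES:
            if prop in key:
                reasons.append(f"render property {prop} injected via parameter {key!r}")
        # Drupal 8 vector: AJAX form rebuild with element_parents pointing at a render property
        if key == "element_parents" and "#" in value:
            reasons.append(f"element_parents targets a render property: {value!r}")
    # Drupal 7 second stage: file/ajax/<field>/#value/<form_build_id> fires the injected callback.
    # Check both the real path and Drupal's non-clean-URL path parameter q=.
    candidates = [path] + [v for k, v in pairs if k == "q"]
    for cand in candidates:
        if any(seg.startswith("#") for seg in cand.split("/")):
            reasons.append(f"render property in path: {cand!r}")
    return reasons


def scan(lines):
    """Run the detector over log lines; return one finding per suspicious request."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = inspect_request(rec["url"])
        if reasons:
            findings.append({"src": rec["src"], "time": rec["time"],
                             "status": rec["status"], "url": rec["url"], "reasons": reasons})
    return findings


# Constructed sample log: two benign requests, the Drupal 7 two-stage vector, and the Drupal 8 vector.
SAMPLE_LOG = [
    '10.0.2.15 - - [16/Sep/2021:10:01:22 +0000] "GET / HTTP/1.1" 200 7563 "-" "Mozilla/5.0"',
    '10.0.2.15 - - [16/Sep/2021:10:01:40 +0000] "POST /?q=user/password&name%5B%23post_render%5D%5B%5D=passthru'
    '&name%5B%23type%5D=markup&name%5B%23markup%5D=id HTTP/1.1" 200 4021 "-" "python-requests/2.25.1"',
    '10.0.2.15 - - [16/Sep/2021:10:01:41 +0000] "POST /?q=file/ajax/name/%23value/form-PLACEHOLDER HTTP/1.1"'
    ' 200 312 "-" "python-requests/2.25.1"',
    '10.0.2.15 - - [16/Sep/2021:10:02:05 +0000] "POST /user/register?element_parents=account/mail/%23value'
    '&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1" 200 1830 "-" "curl/7.74.0"',
    '10.0.2.15 - - [16/Sep/2021:10:02:30 +0000] "GET /node/1 HTTP/1.1" 200 9821 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f["time"], f["src"], f["status"], f["url"])
        for r in f["reasons"]:
            print("    ", r)
```

The detector keys on parameter names and path segments rather than on a full exploit string, so it also catches variants that swap `passthru` for another callback or change the targeted form. A response status of 200 on a flagged request is what distinguishes a successful hit from a blocked probe in the SIEM view.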

September 16, 2021
Mike
1 year ago

I still have a question: how do you log in to the vulnerable machine, with no credentials provided?

Mike
1 year ago

Hi, thanks for the writeup, but I'm unable to access the Wazuh URL from the host machine, though I can ping it from the host.

Mike
1 year ago
Reply to Mike

I figured it out; it was my browser (Brave) that wouldn't let me connect.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023