🚧Switching to Wazuh for Threat Hunting/Forensic analysis 🚧

Topology

TH-Toplogy.png

VM Architecture

Name: Parrot VM Box (Attack Box)

IP: 192.168.80.3

Name: Win Machine (Target Box)

IP: 192.168.80.4

Network Adapter: enp0s8

Checklist

  1. Set up the log forwarder (WEF) on client machines and the SIEM (Windows → Sysmon) (sample sources: process, registry, file, network events)
  2. Set up the lab environment.
  3. Theory.
  4. Build alerts for endpoints with enrolled SIEM agent.
  5. Create security policies to launch playbooks.
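For checklist items 1 and 4, an added example (not from the original notes) of the two Wazuh XML fragments the Sysmon path needs: a `<localfile>` block in the agent's ossec.conf on the Windows target that reads the Sysmon event channel, and a custom manager rule that alerts on a Sysmon event ID 1 (process creation) whose parent is an Office binary. The rule id, the group name `sysmon_event1` and the decoded field name `win.eventdata.parentImage` are assumed to match the stock Wazuh Sysmon ruleset; check them against the ruleset version in the lab.

```xml
<!-- (1) Agent side: C:\Program Files (x86)\ossec-agent\ossec.conf on the Win target (192.168.80.4).
     Added example; assumes a default Wazuh agent install and Sysmon already running. -->
<ossec_config>
  <localfile>
    <!-- Sysmon writes process/registry/file/network events to this channel -->
    <location>Microsoft-Windows-Sysmon/Operational</location>
    <log_format>eventchannel</log_format>
  </localfile>
</ossec_config>

<!-- (2) Manager side: /var/ossec/etc/rules/local_rules.xml.
     Rule id 100100 is an assumed value from the custom range; sysmon_event1 is the
     assumed group that the stock ruleset assigns to Sysmon event ID 1 (process create). -->
<group name="local,sysmon,">
  <rule id="100100" level="10">
    <if_group>sysmon_event1</if_group>
    <!-- parentImage is the decoded Sysmon ParentImage field; pcre2 type assumed available -->
    <field name="win.eventdata.parentImage" type="pcre2">(?i)\\(winword|excel|powerpnt)\.exe$</field>
    <description>Sysmon: Office application spawned a child process ($(win.eventdata.image))</description>
    <mitre>
      <id>T1204.002</id>
    </mitre>
  </rule>
</group>
```

Restart the agent after (1) and run `/var/ossec/bin/wazuh-logtest` against a captured Sysmon event after (2) to confirm the rule fires before enrolling more endpoints.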

SIEM Agents Enrolled