Proof of Concept guide

The Proof of Concept (POC) guide explores how to set up the Wazuh environment to test or demo the different product capabilities. Each POC represents real-world scenarios that users can deploy using specific configurations. In addition, further information is provided to verify the feasibility of the product on how to generate and query the alerts, and the affected endpoints resulting from each POC.

Prerequisites

You need to have these components already installed and running to test the POCs.

  • Wazuh manager and Filebeat

  • Elasticsearch, Kibana, and the Wazuh Kibana plugin

  • A Wazuh agent running on a CentOS 8 system

  • A Wazuh agent running on a Windows system

For an easy installation and setup of the Wazuh manager and Elastic Stack, we recommend downloading our ready-to-use OVA, launching an EC2 Instance with our AMI, or using our unattended installation script.

For more information on how to install the Wazuh components, see the Installation guide. Note that a Wazuh agent cannot be installed on the same machine as the Wazuh manager.

Proofs of concept

Auditing commands run by a user

Amazon AWS infrastructure monitoring

Detecting a brute-force attack

Monitoring Docker

File integrity monitoring

Blocking a malicious actor

Detecting unauthorized processes

Osquery integration

Network IDS integration

Detecting a Shellshock attack

Detecting an SQL Injection attack

Slack integration

Detecting suspicious binaries

Detecting and removing malware using VirusTotal integration

Vulnerability Detector

Detecting malware using Yara integration