Malware detection

Wazuh offers several capabilities that support malware detection. The following methods achieve these detections:

These components of Wazuh help to comply with the following HIPAA sections:

  • Security Awareness and Training §164.308(a)(5)(i) - Protection from Malicious Software: “Procedures for guarding against, detecting, and reporting malicious software.”

    This section of the HIPAA standard requires you to have procedures to detect and remove malicious software. The Wazuh malware detection capability implements this HIPAA section with the aid of out-of-the-box rules, VirusTotal and YARA integration, and the use of CDB lists. The rootcheck component of Wazuh also detects abnormal behavior in monitored endpoints. These capabilities help support this HIPAA section.

    We show a use case of how to detect a rootkit.