Custom rules to detect malware IOC

As cyber threat actors become more creative in compromising systems, new malware variants keep emerging. These variants bring new behavioral patterns and Indicators of Compromise (IOCs) that require new detection rules. Wazuh ships with a rich out-of-the-box set of rules that detect attacks, intrusions, software misuse, configuration problems, application errors, malware, rootkits, system anomalies, and security policy violations. These rules are maintained and updated on every release of the product to extend its detection coverage. You can visit our repository on GitHub to view the rules in detail.

To stay current with malware evolution, you can create custom rules to detect these IOCs and behavioral patterns. To learn more about our ruleset, visit the ruleset documentation. You can also learn how to create custom rules and decoders from this section of our documentation.
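The following is an added example of what such a custom rule group can look like; it is not taken from the Wazuh documentation or ruleset. It pairs a hash-based IOC (a file whose SHA-256 appears in a CDB list of known malware hashes) with a behavioral pattern (several such files created on one agent in a short window). The rule IDs 100100 and 100101, the list path `etc/lists/malware-hashes`, and the group names are assumptions chosen for this example; the built-in rule 554 (FIM "file added"), the `list`, `frequency`/`timeframe`, `if_matched_sid` and `same_agent` options are standard Wazuh rule syntax.

```xml
<!-- Added example (not from the Wazuh documentation): custom rules that flag a
     newly created file whose SHA-256 hash is listed as a known malware IOC.
     Assumptions: rule IDs 100100/100101 and the CDB list path
     etc/lists/malware-hashes; adjust both to your deployment. -->
<group name="local,malware,ioc,">

  <!-- Hash IOC: fires when a File Integrity Monitoring "file added" event
       (built-in rule 554) carries a sha256 that is a key in the CDB list. -->
  <rule id="100100" level="12">
    <if_sid>554</if_sid>
    <list field="sha256" lookup="match_key">etc/lists/malware-hashes</list>
    <description>File with a known malware hash was created: $(file)</description>
    <mitre>
      <id>T1204.002</id>
    </mitre>
    <group>malware_hash_match,</group>
  </rule>

  <!-- Behavioral IOC: three or more hash matches on the same agent within
       60 seconds escalate to a higher severity alert. -->
  <rule id="100101" level="14" frequency="3" timeframe="60">
    <if_matched_sid>100100</if_matched_sid>
    <same_agent />
    <description>Multiple files with known malware hashes created on the same agent</description>
    <group>malware_hash_match,</group>
  </rule>

</group>
```

The CDB list referenced by the first rule is a plain text file with one `<sha256>:<label>` entry per line (for example a constructed line such as `<sha256 of the sample>:example-stealer`), placed under the manager's `etc/lists/` directory and declared in the ruleset section of the manager configuration. Custom rule IDs should stay in the 100000 and above range reserved for user rules so they never collide with rules shipped in future releases, and the `level` values above are a starting point to tune against your own alerting thresholds.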