Practical Applications of Wazuh in On-premises Environments
Javid, Hafiz (2024)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2024060420628
Abstract
This thesis demonstrates the capability of Wazuh, an open-source cybersecurity tool, when deployed as the Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) platform within on-premises environments. The main objective of this research was to examine how Wazuh can identify and mitigate vulnerabilities while automating threat detection and response operations. The main research questions aimed to determine whether deploying Wazuh is indeed one of the most effective cybersecurity defenses, and to assess its overall capabilities as both a SIEM and an XDR solution.
The research took a practical approach, combining a broad theoretical review with the development and implementation phases. The thesis first reviewed fundamental cybersecurity concepts, including the CIA triad. The experiment then moved to a hands-on session in which a virtual lab of Ubuntu, Kali Linux and Windows machines was built and placed under Wazuh monitoring and management. Several types of data collection were used throughout the process: running simulated attack scenarios with Atomic Red Team, integrating VirusTotal to improve threat detection, and applying File Integrity Monitoring (FIM). In addition, port scanning and a brute-force attack from Kali Linux against Ubuntu showed the capabilities of Wazuh in detecting and mitigating real-world threats.
The results of the study show that Wazuh is a powerful tool for cybersecurity management, offering notable features such as swift real-time threat detection and incident response. The Wazuh and VirusTotal integration substantially increased the capacity to discover and block threats, while the Atomic Red Team simulations provided significant evidence that Wazuh responds correctly to real-world attack techniques. Therefore, the use of Wazuh can help businesses enhance their defensive strategy. Further work could examine deploying Wazuh in the cloud and on containers, so that its use keeps pace with the growing cybersecurity field.