Wazuh, a comprehensive open source security monitoring platform, presented at BSidesChicago 2018

by Alberto González, José Luis Ruiz

Summary: HIDS (Host-based Intrusion Detection Systems) have become increasingly important as the number and severity of threats grow continuously. One of the main reasons for HIDS adoption is that enterprise servers no longer run only in traditional data centers, but also on IaaS platforms (e.g. Amazon AWS or Azure), where deploying NIDS (Network Intrusion Detection Systems) is difficult, expensive and not as effective as it used to be. In addition, malware is now smarter and harder to detect at the network level, since most malware artifacts use encrypted channels and standard protocols to communicate with remote systems (e.g. C&C servers).

Wazuh is a comprehensive open source platform used by thousands of active enterprise users, some of them in the Fortune 100 list, and it also has a well-established open source community.

In this session, we will explain and demo some of its main capabilities and how Wazuh uses the Elastic Stack to provide a centralized alert management platform, with custom dashboards to monitor your environment and your compliance level with PCI DSS. Some of the items of this talk will be: