
Thm_wazuh

Wazuh

This is a writeup of the Wazuh module on TryHackMe, which is part of the SOC Level 1 path. » here Enjoy :)

Wazuh is an open-source XDR and SIEM service.

Intro

1. When was Wazuh released?

2015

2. What is the term that Wazuh calls a device that is being monitored for suspicious activity and potential security threats?

agent

3. Lastly, what is the term for a device that is responsible for managing these devices?

manager

Wazuh agents

1. How many agents does this Wazuh management server manage?

2

2. What is the status of the agents managed by this Wazuh management server?

disconnected

Wazuh Vulnerability Assessment & Security Events

1. How many "Security Event" alerts have been generated by the agent "AGENT-001"?

196

Collecting Windows Logs with Wazuh

1. What is the name of the tool that we can use to monitor system events?

sysmon

2. What standard application on Windows do these system events get recorded to?

event viewer

Collecting Linux Logs with Wazuh

1. What is the full file path to the rules located on a Wazuh management server?

/var/ossec/ruleset/rules

Auditing Commands on Linux with Wazuh

1. What application do we use on Linux to monitor events such as command execution?

auditd

2. What is the full path & filename for where the aforementioned application stores rules?

/etc/audit/ruled.d/audit.rules

Wazuh API

1. What is the name of the standard Linux tool that we can use to make requests to the Wazuh management server?

curl

2. What HTTP method would we use to retrieve information from a Wazuh management server API?

GET

3. What HTTP method would we use to perform an action on a Wazuh management server API?

PUT

4. Use the API console to find the Wazuh server's version.

v4.2.5

Generating Reports with Wazuh

1. Analyse the report. What is the name of the agent that has generated the most alerts?

agent-001

Licensed under CC BY-NC-SA 4.0