In the previous room, you learned about the basic concepts of Wazuh: decoders and rules. Out of the box, Wazuh ships with a comprehensive set of pre-configured rules, but there are still scenarios and risks unique to an organisation that these rules do not cover. To close that gap, organisations can write custom alert rules, which is the focus of this room.
Learning Objectives
- Learn how important data is extracted from logs using Decoders
- Learn how alerts are triggered using custom Rules
- Learn how to add new rules to extend detection capabilities
- Learn how to simulate a real-world attack to test existing rules
Prerequisites
- If you need a high-level overview of Wazuh's features, visit the intro room
- Wazuh decoders and rules rely on regex, so brush up by checking out the Regular Expressions room
- We'll use logs as an example for this room, so consider the room
Machine Access
We will interact with the Wazuh dashboard and server installed on a virtual machine for this room. Start the virtual machine in split-screen view by clicking the green "Start Machine" button in the upper right section of this task. If the virtual machine is not visible, use the blue "Show Split View" button at the top right of the page. Leave the virtual machine running for 5 minutes to give Wazuh time to finish setting up. The steps to access the dashboard and server are given in later tasks.
The Custom Alert Rules in Wazuh room is only available for premium users.
