Cybersecurity Technical Resources: Best Practices, Tools, and Techniques

Wazuh EDR (Endpoint Detection and Response) is a security feature of the Wazuh platform that provides real-time detection and response capabilities for endpoint devices.

It uses a combination of signature-based and behavioral-based detection techniques to identify and alert on potential security threats or anomalies on endpoint devices. Wazuh EDR can be configured to monitor a variety of endpoint activity, such as file and network activity, system logs, and system configurations.

It can also be configured to perform specific actions in response to detected threats, such as quarantining a file or blocking network access.

Wazuh EDR is designed to provide a comprehensive view of endpoint security and to help organizations respond quickly to security incidents.

Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. Elasticsearch is distributed under the Apache 2.0 license, which means that you are free to use Elasticsearch in any way you want, as long as you preserve the copyright notice and license.

Elasticsearch is a search engine that is used to search and analyze large volumes of data quickly and in near real-time. It is commonly used for log analytics, full-text search, and for indexing, storing, and analyzing document-oriented data. Elasticsearch is highly scalable and can be used to index, search, and analyze data from various sources, including social media, logs, and other applications. It is an important tool for developers and data scientists who work with large datasets.

collecting the data to Elasticsearch done by beats, each beat has a different feature that allows it to filter the logs and transfer it from the various systems to Elasticsearch.

Kibana is an open source app, its free, Kibana app is part of Elastic stack, provides advanced logs management capabilities, provide advance queries options and visual custom dashboard and graph based of logs stored in Elasticsearch SIEM, Kibana app has Additional elasticsearch capabilities that require subscription, such as anomaly detection using machine learning, advanced security management capability such as elastic endpoint protection.

The first step for minimal security settings, including enabling username and password authentication and certificate authentication between Elasticsearch servers

Zeek is an IDS network traffic analyzer with free and open licensing. A large number of companies use this tool for network security (NSM), enabling the investigation of suspicious or malicious activity. Zeek supports a wide range of traffic analysis tasks beyond the security field, including performance measurement and network troubleshooting.