Hello,
I am using Wazuh 4.7.2 and trying to detect a port scan attack for a Windows endpoint.
My setup is:
- Wazuh Manager is a .ova VM
- Wazuh agent (target) is on my Windows laptop where the .ova VM is also running
- Suricata installed on the same laptop as the Wazuh agent
- Kali Machine (attacker) is on my Windows laptop, different VM
I followed the documentation from this link: https://wazuh.com/blog/responding-to-network-attacks-with-suricata-and-wazuh-xdr/
Nevertheless, even though I see other Suricata-generated alerts, I cannot see the Nmap scan. Also, as a result, the IP of my Kali machine is not getting blocked, as should happen according to the documentation.
Another issue that I have is that when I try to ping my agent from my Kali machine, there is no alert generated. This should happen since port scanning is somehow similar to a ping.
Any ideas on what I should check/modify?
Thank you.