Timbo Smash

Read it, Smash it!

wazuh

  • Smashing some custome wazuh to detect data dumps from git

    Not going to get into super detail but webhook to get the push and pulls into Wazuh. 1 Configure wazuh to accept the logs inputs for github in ossec.conf 2. Create a decoader in using regex /var/ossec/etc/decoders/local_decoder.xml <regex>.*”pull_request”:.*</regex> <regex>.*”pusher”:.*</regex> 3. Create rules to file and record: /var/ossec/etc/rules/local_rules.xml <rule id=”100100″ level=”3″> <decoded_as>github-push</decoded_as> <rule id=”100101″ level=”3″> <decoded_as>github-pull</decoded_as> Read more

  • I smashed Wazuh back in the day

    I really liked wazuh, but with AI Wazuh is going ot have to step up the game. Great for small shops but next level for wazuh has to be AI and building models now. They are data rich and I could have some fun smashing some AI ideas with it. Read more