Soluții

Noul AI de la Apple în Europa: iOS 18.4

Recent, Apple a lansat iOS 18.4, care aduce funcționalitățile Apple Intelligence și în Europa, după ce au fost inițial disponibile doar în anumite regiuni din lume. Acest update include o serie de funcții avansate, printre care se numără Image Playground, îmbunătățiri ale asistentului Siri, și integrarea cu ChatGPT pentru a detecta obiecte în poze.

[mai mult...]

How to integrate DFIR Iris with Wazuh

  1. Locate Customer ID Access the DFIR-IRIS dashboard using an administrator account, then go to Advanced > Customers and choose the customer you wish to integrate. Record the Customer ID.

  2. Retrieve API Key Get the API key for the current DFIR-IRIS user by clicking on the username and choosing My settings. Copy this API key and keep it safe for integrating the Wazuh server.

  3. Create and Configure the Integration Script

    • Create a script file named /var/ossec/integrations/custom-wazuh_iris.py and add the script to forward alerts to DFIR-IRIS.

    • Modify the script by setting the alert_source_link to the Wazuh dashboard IP address and the alert_customer_id to the ID of the customer as it appears on the DFIR-IRIS dashboard.

    • Set the ownership and permissions of the /var/ossec/integrations/custom-wazuh_iris.py file:

      bash
      chmod 750 /var/ossec/integrations/custom-wazuh_iris.py
      chown root:wazuh /var/ossec/integrations/custom-wazuh_iris.py

  4. Configure Wazuh Add the following configuration to the /var/ossec/etc/ossec.conf file to send alerts to DFIR-IRIS:

    xml
    <ossec_config>
    <integration>
    <name>custom-wazuh_iris.py</name>
    <hook_url>https://<IRIS_IP_ADDRESS>/alerts/add</hook_url>
    <level>7</level>
    <api_key><IRIS_API_KEY></api_key>
    <alert_format>json</alert_format>
    </integration>
    </ossec_config>

    Make sure to replace <IRIS_IP_ADDRESS> with the actual IP address of your IRIS instance and <IRIS_API_KEY> with your IRIS API key. You can adjust the <level> to the desired threshold for alerts.

  5. Restart Wazuh Manager Restart the Wazuh manager to apply the changes.

    bash
    service wazuh-manager restart
[mai mult...]

How to start implementing Wazuh

1. Install the Wazuh server The Wazuh server is the central component that collects and analyzes data from Wazuh agents. It consists of the Wazuh manager and Filebeat. The Wazuh manager analyzes data and triggers alerts, while Filebeat forwards alerts and archived events to the Wazuh indexer.

    • You’ll need root user privileges to run the commands.

    • Add the Wazuh repository:

      • For RPM-based systems (CentOS, Red Hat, etc.):

        bash
        rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
        echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo

      • For Debian-based systems (Ubuntu, Debian, etc.):

        bash
        apt-get install gnupg apt-transport-https
        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
        echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
        apt-get update

    • Install the Wazuh manager package using your system’s package manager.

    • Alternatively, use the Wazuh installation assistant:

      bash
      curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
      bash wazuh-install.sh --wazuh-server <node_name>

      Replace <node_name> with the name used in config.yml.

    • Disable Wazuh updates to prevent accidental upgrades by executing the following commands:

      • For RPM-based systems:

        bash
        sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

      • For Debian-based systems:

        bash
        sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list
        apt update

  2. Install the Wazuh indexer The Wazuh indexer is a scalable full-text search engine that provides security, alerting, and performance analysis.

    • First, generate SSL certificates:

      bash
      curl -sO https://packages.wazuh.com/4.11/wazuh-certs-tool.sh
      curl -sO https://packages.wazuh.com/4.11/config.yml

    • Edit ./config.yml to replace node names and IPs.

    • Run the certificate tool:

      bash
      bash ./wazuh-certs-tool.sh -A

    • Compress the certificate files:

      bash
      tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
      rm -rf ./wazuh-certificates

    • Copy the wazuh-certificates.tar file to all nodes.

    • Install any missing package dependencies:

      • For RPM-based systems:

        bash
        yum install coreutils

      • For Debian-based systems:

        bash
        apt-get install debconf adduser procps

    • Add the Wazuh repository (see step 1).

    • Install the Wazuh indexer package.

Install the Wazuh dashboard The Wazuh dashboard provides a web interface for visualizing and managing your security data.

    • Install any missing packages:

      bash
      yum install libcap

    • Install the Wazuh dashboard package:

      bash
      yum -y install wazuh-dashboard

    • Configure the Wazuh dashboard by editing /etc/wazuh-dashboard/opensearch_dashboards.yml5.

    • Deploy the certificates:

      bash
      NODE_NAME=wazuh-demo
      mkdir /etc/wazuh-dashboard/certs
      tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
      chmod 500 /etc/wazuh-dashboard/certs
      chmod 400 /etc/wazuh-dashboard/certs/*
      chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
      ll /etc/wazuh-dashboard/certs/

    • Enable and start the Wazuh dashboard service:

      bash
      systemctl daemon-reload
      systemctl enable wazuh-dashboard --now

  2. Install and configure Wazuh agents Deploy Wazuh agents to the endpoints you want to monitor. These agents collect data and send it to the Wazuh server for analysis.

  3. Access the Wazuh web UI Open Kibana in your web browser and navigate to the Wazuh app to view dashboards and alerts.

After installing the Wazuh server and agents, you can monitor and manage your IT environment’s security, customize rules, analyze logs, and configure compliance policies.

[mai mult...]

5 Ways to make your word document easy to navigate

A Word document that is difficult to navigate is pretty much useless, even if it’s full of amazing content. That’s why you should take some time to ensure people (including you!) can easily find their way around your work without losing patience.

Tip: Whenever you’re formatting or editing a Word file, press Ctrl+Shift+8 to turn on the non-printing characters (and use the same keyboard shortcut to hide them again). This will make seeing the document’s layout much easier.

[mai mult...]