T-Guard Official Documentation

Use Case


Last updated 2 months ago

Use Case 1: Malware Detection and Auto-Response

Execute step 12.

Open your Wazuh page (https://<your_ip>).

An event will appear showing VirusTotal detecting the malware, the deletion of the file, and the active response triggered for the malware, as illustrated in Figure 23.

We can also check IRIS to see the ticket that was created automatically.

Use Case 2: Web Defacement Detection

Execute step 13.

Before simulating the web defacement, open the given link (http://<your_ip>:3000) in your browser. It will direct you to the example website created by the script.

Then start the web defacement. It will change the website's appearance.

We can see the detection of file content changes in Wazuh. The rule id is 550, with the description Integrity Checksum Changed.
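To show how the rule 550 alerts from Use Case 2 can be triaged outside the dashboard, here is an added example (not part of T-Guard or Wazuh) that reads alerts in the one-JSON-object-per-line shape Wazuh writes to alerts.json, keeps only Integrity Checksum Changed events, and flags those whose path lies under an assumed web root. The sample alert lines and the web root path are constructed for the example.

```python
import json

# Assumed web root of the example site; the page does not state where the script serves it from.
WEB_ROOTS = ("/var/www/",)
FIM_RULE_ID = "550"  # Wazuh "Integrity checksum changed" (Use Case 2)

# Constructed sample lines in the shape of Wazuh alerts.json (one JSON object per line).
SAMPLE_ALERTS = "\n".join([
    json.dumps({"rule": {"id": "550", "level": 7, "description": "Integrity checksum changed.",
                         "groups": ["ossec", "syscheck"]},
                "agent": {"id": "001", "name": "web01"},
                "syscheck": {"path": "/var/www/html/index.html", "event": "modified",
                             "sha256_before": "a" * 64, "sha256_after": "b" * 64}}),
    json.dumps({"rule": {"id": "550", "level": 7, "description": "Integrity checksum changed.",
                         "groups": ["ossec", "syscheck"]},
                "agent": {"id": "001", "name": "web01"},
                "syscheck": {"path": "/etc/hosts", "event": "modified",
                             "sha256_before": "c" * 64, "sha256_after": "d" * 64}}),
    json.dumps({"rule": {"id": "5710", "level": 5, "description": "sshd: non-existent user"},
                "agent": {"id": "002", "name": "db01"}}),
    "not json at all",  # a torn or corrupt line must not abort the run
])

def parse_alerts(text):
    """Yield each well-formed JSON alert; skip blank or unparsable lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue

def defacement_findings(text, web_roots=WEB_ROOTS):
    """Return rule 550 events with the changed path and whether it sits under a web root."""
    findings = []
    for alert in parse_alerts(text):
        if alert.get("rule", {}).get("id") != FIM_RULE_ID:
            continue
        sc = alert.get("syscheck", {})
        path = sc.get("path", "")
        findings.append({
            "agent": alert.get("agent", {}).get("name", "?"),
            "path": path,
            "in_web_root": path.startswith(web_roots),
            "sha256_before": sc.get("sha256_before"),
            "sha256_after": sc.get("sha256_after"),
        })
    return findings

if __name__ == "__main__":
    for f in defacement_findings(SAMPLE_ALERTS):
        print(f)
```

Only the index.html change is flagged as a web-root change; the /etc/hosts change is still a rule 550 event but is reported with in_web_root set to False.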

Figure 23. Malware Detection and Auto-Response
Figure 24. Auto Generated Ticket of the Real Time Event
Figure 25. The Example of Normal Website
Figure 26. The Example of Web Defacement
Figure 27. File Integrity Changes Detected