Tag: Blue Team

  • Elevate Security with Anomaly Detection in Wazuh

    The current Wazuh stack (version 4.7.*) does not ship the Anomaly Detection plugin out of the box; this article describes how to install and configure it in both Docker-based and standard installations. The anomaly detector uses the Random Cut Forest (RCF) algorithm for automatic, near-real-time anomaly detection. This unsupervised machine learning algorithm calculates anomaly grades and confidence scores to distinguish…