Using Wazuh Stack to run Network Scans

Intro

An integration of Wazuh and Nmap to scan network subnets for open ports and services.

Requirements

Python-nmap

python-nmap is a Python library for driving the Nmap port scanner. It makes it easy to manipulate Nmap scan results, which makes it a good fit for systems administrators who want to automate scanning tasks and reports. It also supports Nmap script output.

Python script run on agents

Scripts and detection rules (Wazuh Manager) can be found here
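
An added example, not the SOCFortress script the article links to: an agent-side script that uses python-nmap's `PortScanner.scan()` to service-scan a subnet and append one JSON line per open port to a file the Wazuh agent can monitor. The subnet, log path and `nmap_*` field names are assumptions, and `SAMPLE_SCAN` is constructed data.

```python
import json
from datetime import datetime, timezone

# Assumptions, not from the article: subnet, log path and field names. The
# agent's ossec.conf needs a <localfile> with log_format json for LOG_PATH.
SUBNET = "192.168.1.0/24"
LOG_PATH = "/var/log/nmap_scan.json"

# Constructed sample of the "scan" dict that python-nmap's scan() returns.
SAMPLE_SCAN = {"192.168.1.10": {"tcp": {
    22: {"state": "open", "name": "ssh", "product": "OpenSSH",
         "version": "8.9p1", "cpe": "cpe:/a:openbsd:openssh:8.9p1"},
    3306: {"state": "filtered", "name": "mysql"}}}}


def flatten_scan(scan, scanned_at):
    """Return one flat event per open port, ready for JSON-lines logging."""
    events = []
    for host, data in sorted(scan.items()):
        for proto in ("tcp", "udp"):
            for port, svc in sorted(data.get(proto, {}).items()):
                if svc.get("state") != "open":
                    continue  # closed or filtered: no service to track
                events.append({
                    "nmap_scan_time": scanned_at, "nmap_host": host,
                    "nmap_protocol": proto, "nmap_port": int(port),
                    **{f"nmap_{k}": svc.get(k, "")
                       for k in ("name", "product", "version", "cpe")}})
    return events


def write_events(events, path):
    """Append events as JSON lines and return how many were written."""
    with open(path, "a", encoding="utf-8") as fh:
        for event in events:
            fh.write(json.dumps(event, sort_keys=True) + "\n")
    return len(events)


def run_scan(subnet=SUBNET, path=LOG_PATH):
    """Service-scan the subnet with python-nmap and log every open port."""
    import nmap  # imported lazily so the helpers above work without it
    result = nmap.PortScanner().scan(hosts=subnet, arguments="-sV")
    now = datetime.now(timezone.utc).isoformat()
    return write_events(flatten_scan(result.get("scan", {}), now), path)


if __name__ == "__main__":
    print(run_scan(), "open ports logged")
```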

Network Scan

Summary of network scans run by all Wazuh agents

Network Scan — Summary
Network Scan — Products
Network Scan — CPEs
Network Scan — Full Info


SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
