These videos are just so GOOD!!!
Your OPNsense videos made me subscribe no questions asked. Keep up the amazing work
wow, I like open source security software :)
Nice! I will deploy this. Thank you! I'm subscribed
Hi! Thanks for your amazing videos about OPN!!
As you know, is there a possibility to implement WAF on HAProxy as on Nginx?
Thx man!
Great video! Could the Wazuh install also create rule sets in real time for bad actors?
Thanks for watching! Interesting question, I have never tried something like this and maybe it can be done, however, it may not be needed as Wazuh already has the ability to perform active responses to block threats, achieving similar results as CrowdSec. I have linked the user manual below covering this if you would like to try it.
documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html
@ls111cyberEd Thank you! I will check those resources out. Active response is ideal to isolate the compromised endpoints.
Does this basically replace ZenArmor?
Hi, thanks for watching! Zenarmor and CrowdSec are two different products. Zenarmor is useful if you need to filter egress network traffic, deep packet inspection, application/web content filtering etc. Whereas CrowdSec is a community-fed malicious IP address database that can be used to block bad actors trying to, for example, brute force attack your systems, or like in the case of the video trying to run SQL injection attacks on your unsanitized input fields.
Has this been updated recently?