Awesome. Very underrated channel. Super info
Hello Taylor, great video, thanks for the contribution. On the subject of a business network, do you have any limit to the domains to be analyzed?
Great video, thank you!
One question: what happens when it does see a repeated domain? What is the message then?
Hi, thanks for your video, as always very good.
If my Windows DNS requests a malicious domain, is it possible to create an active response so that the Wazuh client drops the IP or the domain in the firewall or something like that? When another PC requests DNS from my DNS server and it can't resolve (because they are dropped), it would avoid a lot of problems.
Sorry about my text, English is not my native language.
In theory I think we could call another active response script that adds the malicious domain to the local hosts file on the Windows box with the domain name pointing to the loopback address. Interesting concept that I will explore and hopefully be able to bring to a video! Thanks for watching!
Or you can use n8n to look at this process and start a script. In n8n you can do a webhook from Elasticsearch.
Hi, thanks for your video. Will it be implemented on version 3.13?
Hey Hamid, apologies but I am a little lost on what you mean by 3.13. Could you please explain more and I would love to help out?
Thanks for watching!
@@taylorwalton_socfortress I mean Wazuh server version 3.13
@@hamidasgari337 Unfortunately you need version 4.2.0 and above to take advantage of the new active response capability that we use in the PowerShell script. If you need assistance with upgrading, check out one of our previous videos: ruclips.net/video/bgfD_w7PN-E/видео.html&t
Thanks for watching :)
Sysmon malware hunting