
Improve guide for 'How to integrate YARA with Wazuh'

Open jftuduri opened this issue 3 years ago • 1 comments

Related issue
https://github.com/wazuh/wazuh/issues/13995
| Wazuh version | Component | Install type | Platform |
|---|---|---|---|
| 4.3 | Active Response | Manager/Agent | any |

Description

Performing E2E UX tests for Release 4.3.5 - Release Candidate 1 - Active Response #13995 for blog post 'How to integrate YARA with Wazuh', we found that the post seems to be outdated and incomplete. It is not clear what the steps to generate the alerts are. To test this functionality we used this PoC guide. This guide could be improved in the following ways:

  • Add installation and configuration steps for different OSs besides Ubuntu (Manager: RHEL, CentOS. Agent: RHEL, CentOS, macOS, Windows). It should include Windows scripts for active response and malware download.
  • Include a prerequisites section. It could explain how to install YARA and jq on different platforms.

jftuduri, Jun 28 '22 16:06

From v4.8.0-alpha2 tests it doesn't seem to be an issue any longer. Closing this issue should be considered now.

javimed, Jan 16 '24 14:01