FOR A PROJECT

Hey, I got a task to create a Suricata rule to detect failed login credentials while logging to Wazuh. Can anyone help me fix it, please? Thank you.
Gamerboy, 24d ago
Really need help, hello?
E-Man, 24d ago
The devil is in the details; can you show me the rule?
Gamerboy, 24d ago
@E-Man Hi, hey. So yeah, I need a rule in Suricata to show an alert on a successful login; that login should show up as a security alert in the Wazuh dashboard. All the rules I added are not triggering, I don't know why.
_null, 24d ago
Please remember that we don't have access to your configuration. It would be helpful to provide screenshots or more precise details.
E-Man, 24d ago
Are you sure Suricata is forwarding logs to Wazuh? It's been a little while since I've used the tools, but generally with detections there are three possible issues. Telemetry: are you receiving the logs in the correct location? Taxonomy: are the logs correctly tagged and processed? Logic: is the rule logic correct?
_null, 24d ago
You mentioned a successful login... To what service? If I understand your question, you haven't written the rule? Here's an example rule for SSH:
alert tcp any any -> any 22 (msg:"Failed SSH Login Attempt"; flow:to_server,established; content:"SSH-"; depth:4; content:"Failed password"; nocase; classtype:attempted-recon; sid:1000001; rev:1;)
Without more details it's hard to ascertain where your problem lies. Like E-Man suggested, it could be an issue at any point of the process. To fix it, you need to verify every link of the "chain."
Gamerboy, 22d ago
OK, so my job is to create rules for SCADA-BR, which is integrated with Wazuh; Suricata is installed on the SCADA-BR machine (the IP of SCADA-BR is 192.168.0.110). So when I log in to the local web server that has the IP of SCADA-BR, I need a rule that triggers an alert on login, and also a rule for when we log out and for multiple failed attempts.
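A rule pair for the SCADA-BR web login described in the last post, written here as an added example rather than anything posted in the thread: the first fires on every login form submission to 192.168.0.110, the second only when one source sends five or more within a minute, which is the closest Suricata can get to "multiple failed attempts" from the request side alone. It assumes the SCADA-BR UI is served over plain HTTP (so Suricata can inspect the request) and that the login form posts to a path containing `/login`; that path and the sids 1000002/1000003 are placeholders to replace with what Suricata's http log actually shows.

```suricata
# Added example, not from the thread. Assumed: SCADA-BR web UI on 192.168.0.110 over plain HTTP;
# "/login" is a placeholder for the real form action seen in Suricata's http.log / eve.json.

# Alert on every login form submission (HTTP POST) to the SCADA-BR host.
alert http any any -> 192.168.0.110 any (msg:"SCADA-BR web login attempt"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/login"; nocase; classtype:attempted-user; sid:1000002; rev:1;)

# Same match, but fires once per 5 submissions from the same client within 60 seconds
# (repeated attempts, the usual sign of a failed-login loop or a brute-force tool).
alert http any any -> 192.168.0.110 any (msg:"SCADA-BR repeated web login attempts from one source"; flow:to_server,established; http.method; content:"POST"; http.uri; content:"/login"; nocase; threshold:type threshold, track by_src, count 5, seconds 60; classtype:attempted-user; sid:1000003; rev:1;)
```

Wazuh only shows these if the agent on the SCADA-BR host tails Suricata's eve.json as a json-format localfile; the stock Wazuh Suricata ruleset then turns each eve alert event into a dashboard alert. Check that the alert appears in eve.json first; if it does but never reaches the dashboard, the broken link is on the Wazuh side of the chain.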