
Using CDB lists - Data analysis · Wazuh documentation
CDB lists are used to create a white/black list of users, file hashes, IPs, or domain names. Learn more about how to create CDB lists with Wazuh.
CDB lists and threat intelligence - Malware detection - Wazuh
A CDB list is a text file you can use to save a list of users, file hashes, IP addresses, and domain names. You can add entries to a CDB list in key:value pairs or key: only. CDB lists can act as either allow or deny lists.
Using OSINT to create CDB lists and block malicious IPs
June 22, 2017 · Both are good scenarios for using CDB lists. What are they? They are a list of values that are checked against a particular field extracted by a decoder. What we need to do is to create a custom rule that checks if the IP, the user or any other field extracted, are included in …
Detecting and responding to Malicious Files | Wazuh
March 29, 2022 · In this post, we look at detecting malicious files using their MD5 checksums and a constant database (CDB) list of known malicious MD5 hashes. If a file hash is present in the CDB list, a file delete action is taken on it using the Wazuh active response module.
CDB list syntax and escaping - Google Groups
February 12, 2025 · If you use the CDB list for the safe commands, you will need to map each combination of parameters and their order as well. You can create a child rule like 100004 to map the matching parameters...
Malicious File Detection: CDB Lists & Active Response - Certbar
April 26, 2024 · In this blog, we’ll learn about a method called CDB list with active response that helps us detect and remove malware. This method works on both Windows and Linux computers. Here’s how it works: We keep an eye on our computer’s directories, looking …
CDB List lookups from within Rules - OSSEC
Allow for CDB lookups from within rules in OSSEC (ossec-analysisd) of all possible fields. Anything that has a large number of items. Some examples: A rule would use the following syntax to look up a key within a CDB database. This example is a search for the key within the rules/cdb_record_file and will match if the key is present:
How CDB Lists with IPs works? - Google Groups
September 15, 2021 · Since Wazuh v3.11.0, CDB lists are built and loaded automatically when the analysis engine is started. Therefore, when adding or modifying CDB lists just restart the manager. This message makes...
CDB List - Google Groups
September 14, 2023 · We add the created CDB list to the manager ossec.conf so it is available for use in rules. The list is added to the manager by specifying the path to the list in the <ruleset> block.
FIM : r/Wazuh - Reddit
November 16, 2023 · Wazuh detects malicious files by checking the presence of their signatures in a CDB list. This CDB list must contain known malware threat intelligence indicators. A CDB list is a text file you can use to save a list of users, file hashes, IP addresses, and domain names. You can create a list first: The list file is a plain text file.