
Using CDB lists - Data analysis · Wazuh documentation
CDB lists are used to create a white/black list of users, file hashes, IPs, or domain names. Learn more about how to create CDB lists with Wazuh.
CDB lists and threat intelligence - Malware detection - Wazuh
A CDB list is a text file you can use to save a list of users, file hashes, IP addresses, and domain names. You can add entries to a CDB list in key:value pairs or key: only. CDB lists can act as …
CDB list syntax and escaping - Google Groups
12 February 2025 · If you use the CDB list for the safe commands, you will need to map each combination of parameters and their order as well. You can create a child rule like 100004 to …
Using OSINT to create CDB lists and block malicious IPs
22 June 2017 · Both are good scenarios for using CDB lists. What are they? They are a list of values that are checked against a particular field extracted by a decoder. What we need to do …
Detecting and responding to Malicious Files | Wazuh
29 March 2022 · In this post, we look at detecting malicious files using their MD5 checksums and a constant database (CDB) list of known malicious MD5 hashes. If a file hash is present in the …
Malicious File Detection: CDB Lists & Active Response - Certbar
26 April 2024 · In this blog, we’ll learn about a method called CDB list with active response that helps us detect and remove malware. This method works on both Windows and Linux …
Wazuh - Blacklist match alerting (CDB list) - Canon's Blog
18 October 2019 · There is a set of high-risk users whose account logins need to be monitored in real time. Since an audit rule for user login accounts had already been written, the **Wazuh CDB list** feature is needed here (this feature is mainly used …
CDB List - Google Groups
14 September 2023 · We add the created CDB list to the manager ossec.conf so it is available for use in rules. The list is added to the manager by specifying the path to the list in the <ruleset> block.
FIM : r/Wazuh - Reddit
16 November 2023 · Wazuh detects malicious files by checking the presence of their signatures in a CDB list. This CDB list must contain known malware threat intelligence indicators. A CDB list …
CDB List lookups from within Rules - OSSEC
Allow for CDB lookups from within rules in OSSEC (ossec-analysisd) of all possible fields. Anything that has a large number of items. Some examples: A rule would use the following …