Hello Tekletsadik Tadesse, Wazuh has a module called "Security Configuration Assessment (SCA)" to provide the user with the best possible experience when performing scans about hardening and configuration policies.
SCA performs scans in order to discover exposures or misconfigurations in monitored hosts. Those scans assess the configuration of the hosts by means of policy files, that contains rules to be tested against the actual configuration of host. For example, SCA could assess whether it is necessary to change password related configuration, remove unnecessary software, disable unnecessary services, or audit the TCP/IP stack configuration. Policies for the SCA module are written in YAML format. Furthermore, Wazuh is distributed with a set of policies, most of them based on the CIS benchmarks, a well-established standard for host hardening. You can find more information about it in this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/index.html#security-configuration-assessment and this section https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/how_it_works.html if you want to know how this SCA module works. In addition, you can create new custom policies. See an example in this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/creating_custom_policies.html You can also take a look at this section of the documentation https://documentation.wazuh.com/3.11/user-manual/capabilities/sec-config-assessment/use_case.html to see an use case example. I hope this information is helpful to you, and if you have any questions, please don't hesitate to ask us :) Regards. Jonathan M.V On Tuesday, January 14, 2020 at 10:45:02 AM UTC+1, Tekletsadik Tadesse wrote: > > hello team; > how wazuh works for asset management?? > > > Tekletsadik T. > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ossec-list/5a9a3b16-bdbc-47cb-8a54-5b80c5801db2%40googlegroups.com.
