Comprehensive Monitoring Creates a High Volume of Alerts
The Wazuh agents run on many different platforms, including Windows, Linux, Mac OS X, AIX, Solaris and HP-UX. Although it is useful to see data from various sources in a single place, the sheer variety and volume of alerts becomes difficult to manage in the long run. Organizations typically receive thousands of alerts daily; addressing them all becomes impractical, which leads to unresolved alerts and alert-fatigued analysts.
DTonomy AIR Significantly Reduces Alert Volume
One of our customers was receiving around 25,000 SIEM alerts daily, and managing these was very difficult for them. After starting with DTonomy AIR, they were able to resolve around 15% of their alerts directly using just one of our workflows.
One of the largest sources of alerts for them was unauthorized access, and most of those alerts were generated from several IP addresses. DTonomy AIR integrated the block IP workflow for them, which let them block those systems directly and significantly reduced the number of alerts generated.
Using DTonomy AIR automations, our customer was able to directly reduce their alerts by one third.
Responding to alerts and resolving them without any human intervention is just one of the many benefits our customer now enjoys. Using DTonomy AIR, they are also able to group different types of alerts in a smart way, which helps analysts take action quicker and achieve a faster Mean Time To Resolution (MTTR). Analysts are able to see how different types of alerts are correlated with each other, which helps to find the root cause. All of these factors help to manage alerts efficiently and enable organizations to save time and effort and reduce costs.
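The block IP workflow and the grouping of related alerts described above, as an added example that is not DTonomy's or Wazuh's own code: it groups constructed alerts laid out like Wazuh's alerts.json records (rule.groups, data.srcip) by source IP, proposes block candidates above a failure threshold while excluding internal networks, and estimates how much of the alert volume a block would remove. The threshold, the protected networks and the sample alerts are assumptions.

```python
"""Group Wazuh authentication-failure alerts by source IP and pick block candidates."""
import ipaddress
import json
from collections import Counter


def _auth_fail(ip, n):
    """Build n constructed sshd 'authentication_failed' alerts from one source IP."""
    return [{"timestamp": "2021-03-01T10:00:%02dZ" % i, "agent": {"name": "web-01"},
             "rule": {"id": "5716", "groups": ["syslog", "sshd", "authentication_failed"]},
             "data": {"srcip": ip}} for i in range(n)]


# Constructed sample data in the alerts.json field layout (not real events).
SAMPLE_ALERTS = (
    _auth_fail("203.0.113.10", 4)        # repeated failures from one external host
    + _auth_fail("198.51.100.7", 2)      # a few failures, below the threshold
    + _auth_fail("10.0.0.5", 5)          # internal host: must never be auto-blocked
    + [{"timestamp": "2021-03-01T10:05:00Z", "agent": {"name": "web-01"},
        "rule": {"id": "31101", "groups": ["web", "accesslog"]},
        "data": {"srcip": "203.0.113.10"}},   # web alert from the same host
       {"timestamp": "2021-03-01T10:06:00Z", "agent": {"name": "web-01"},
        "rule": {"id": "510", "groups": ["ossec", "rootcheck"]}, "data": {}}]
)

# Assumed allowlist: networks that are never auto-blocked even above the threshold.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]


def is_protected(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)


def block_candidates(alerts, threshold=3):
    """Return {srcip: failures} for non-protected IPs with >= threshold auth failures."""
    counts = Counter(a["data"]["srcip"] for a in alerts
                     if "authentication_failed" in a["rule"]["groups"]
                     and "srcip" in a.get("data", {}))
    return {ip: n for ip, n in counts.items() if n >= threshold and not is_protected(ip)}


def estimated_reduction(alerts, candidates):
    """Fraction of all alerts whose source IP is a candidate: the volume a block removes."""
    hits = sum(1 for a in alerts if a.get("data", {}).get("srcip") in candidates)
    return hits / len(alerts) if alerts else 0.0


if __name__ == "__main__":
    cands = block_candidates(SAMPLE_ALERTS)
    print(json.dumps({"candidates": cands, "reduction": estimated_reduction(SAMPLE_ALERTS, cands)}))
```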
DTonomy AIR can easily integrate with SIEM solutions like Wazuh to help manage alerts more efficiently. With out-of-the-box automations, DTonomy AIR can resolve alerts directly and take action on them without any human intervention. Our solution can also provide semi-automation for alerts that still require some kind of human intervention.
With advancements in AI and data science, DTonomy AIR is constantly improving and learning from the actions of analysts and alerts. If your company is looking to become hyper-efficient with cybersecurity operations, let us show you what DTonomy AIR can do!
We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!