• User List
• Wazuh Setup
• UFW Docs
• Attack Notes Day 1

User List:

CEO

• Joseph Lewis

DEVS

• Rosa Adams
• Cody Soto
• Ruth Jones
• Dale Monsen (fired)

HR

• Toby Atkinson Anthony Martin Joseph Florian

ACCOUNTING

• Kenneth James Kirstin Summerfield Enrique Stokes

SALES

• Debra Helms Dawn Cason Janet Pagan Emily Saucedo Elena Curtis

Wazuh Setup:

• key request
• ossec configuration path

Attack Notes Day 1

There is a new computer containing work that the ceo needs by eod. high priority.

new login from 192.168.1.161 unknown user sent wall message at 2.39 kicked user from that ip

removed ssh keys from /etc/ssh/key and kicked user.

need investigation as to what resources were accessed.

fired elena curtis

CEO Report of active directory users:

Audit of AD users

Admins cody soto debrah helms domain admin enterprise admin kenneth james Rosa adams Ruth Jones Toby Atkinson

Users

administratory anthony martin cody soto dawn cason debrah helms emily saucedo enrique stokes janet pagan joseph florian joseph lee kenneth james kerberos kirtstin summerfield rosa adams ruth jones student toby atkinson

NOTES

1) * means user should have admin perms 2) if names are misspelled, that just me making a typo 3) this user list is specifically for the AD Domain