creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 21:54:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/configuring-host-based-intrusion-detection/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

48 lines
1.5 KiB
Markdown
Raw Blame History

# Host-Based Intrusion Detection — API Reference
## Libraries
| Library | Install | Purpose |
|---------|---------|---------|
| requests | `pip install requests` | Wazuh REST API client |
| osquery | Binary install | SQL-based host inspection |
| hashlib | stdlib | File integrity hash computation |
## Wazuh API Endpoints
| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/security/user/authenticate` | Obtain JWT token |
| GET | `/agents` | List managed agents |
| GET | `/agents/{id}` | Agent details |
| GET | `/sca/{agent_id}` | Security Configuration Assessment results |
| GET | `/rootcheck/{agent_id}` | Rootkit check results |
| GET | `/alerts` | Query security alerts |
| GET | `/rules` | List detection rules |
## Key osquery Tables
| Table | Description |
|-------|-------------|
| `processes` | Running processes with user, path, cmdline |
| `listening_ports` | Open network ports and bound processes |
| `users` | System user accounts |
| `file` | File metadata and hashes |
| `suid_bin` | SUID/SGID binaries |
| `crontab` | Scheduled cron jobs |
## OSSEC Rule IDs
| Rule ID Range | Category |
|---------------|----------|
| 500-599 | File integrity monitoring |
| 5700-5799 | SSH authentication |
| 18100-18199 | Linux audit events |
| 31100-31199 | Web attack detection |
## External References
- [Wazuh API Reference](https://documentation.wazuh.com/current/user-manual/api/reference.html)
- [osquery Schema](https://osquery.io/schema/)
- [OSSEC Rule Syntax](https://www.ossec.net/docs/syntax/head_rules.html)
Reference in New Issue View Git Blame Copy Permalink