Overview
Wazuh - Backdoor Analysis with FIM is an endpoint detection lab focused on file integrity monitoring.
The scenario is about recognizing when file changes are not routine administration but evidence of persistence or backdoor deployment. A SOC analyst needs to review the changed path, timing, file context, host role, and alert details before deciding whether the event is suspicious.
This lab helps learners practice Wazuh alert triage, FIM-based investigation, and the connection between file changes and persistence techniques.
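As an added example that is not part of the lab's own material, the following Python sketch applies the triage criteria above (changed path, timing, change context, host role) to constructed Wazuh syscheck alerts; the persistence paths, change window and host-role map are assumptions to adapt per environment.

```python
import json
from datetime import datetime, timezone

# Constructed sample Wazuh syscheck (FIM) alerts in the alerts.json layout;
# hosts, paths and timestamps are invented for this example.
SAMPLE_ALERTS = [
    json.dumps({"timestamp": "2024-03-11T03:12:44.000+0000",
                "agent": {"name": "web-01"},
                "rule": {"id": "554", "level": 5, "description": "File added to the system."},
                "syscheck": {"path": "/etc/cron.d/update-check", "event": "added",
                             "mode": "whodata",
                             "audit": {"process": {"name": "/usr/bin/bash"}}}}),
    json.dumps({"timestamp": "2024-03-11T10:05:10.000+0000",
                "agent": {"name": "web-01"},
                "rule": {"id": "550", "level": 7, "description": "Integrity checksum changed."},
                "syscheck": {"path": "/var/www/html/index.html", "event": "modified",
                             "mode": "scheduled"}}),
]

# Assumed locations where persistence is commonly placed; a hit is a reason to look, not proof.
PERSISTENCE_PREFIXES = ("/etc/cron", "/etc/systemd/system", "/etc/ld.so.preload",
                        "/root/.ssh/authorized_keys", "/etc/rc.local")
MAINTENANCE_HOURS = range(9, 18)          # assumed change window, UTC
HOST_ROLE = {"web-01": "web"}             # assumed host-role inventory
ROUTINE_BY_ROLE = {"web": ("/var/www/",)}  # paths that change routinely for a role
PACKAGE_MANAGERS = ("/usr/bin/apt", "/usr/bin/dpkg", "/usr/bin/yum", "/usr/bin/rpm")

def triage(alert_json: str) -> dict:
    """Summarise one FIM alert and list the reasons it deserves analyst attention."""
    a = json.loads(alert_json)
    path, host = a["syscheck"]["path"], a["agent"]["name"]
    ts = datetime.strptime(a["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").astimezone(timezone.utc)
    flags = []
    if path.startswith(PERSISTENCE_PREFIXES):
        flags.append("persistence path")
    if ts.hour not in MAINTENANCE_HOURS:
        flags.append("outside change window")
    # whodata mode records the writing process; a non-package-manager writer is worth noting
    proc = a["syscheck"].get("audit", {}).get("process", {}).get("name")
    if proc and not proc.startswith(PACKAGE_MANAGERS):
        flags.append(f"written by {proc}")
    role = HOST_ROLE.get(host, "unknown")
    routine = path.startswith(ROUTINE_BY_ROLE.get(role, ()))
    suspicious = "persistence path" in flags or (len(flags) >= 2 and not routine)
    return {"host": host, "role": role, "path": path, "event": a["syscheck"]["event"],
            "rule": a["rule"]["id"], "flags": flags, "suspicious": suspicious}

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(triage(alert))
```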

