Endpoint Detection

Wazuh - System Discovery Analysis

VIP · 4 Points

Overview

Wazuh - System Discovery Analysis is a SOC lab focused on post-compromise reconnaissance activity.

Discovery commands are often early signals that an attacker is learning the environment before deeper access, lateral movement, or persistence. The analyst needs to understand the command context, the host role, the user involved, and the sequence of nearby events.

This lab is useful for practicing endpoint detection review, attacker behavior interpretation, and alert enrichment around system reconnaissance.
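The kind of enrichment the overview describes (command context, host, user, and the sequence of nearby events) can be prototyped on a handful of alerts. The script below is an added example written for this page; it is not part of the lab and not Wazuh's own code. The alert records are constructed, and the field paths (`agent.name`, `data.win.eventdata.user`, `data.win.eventdata.commandLine`) are an assumption loosely modelled on how Wazuh presents Windows process-creation events; adjust them to the decoder in use. It classifies command lines against a small list of discovery commands, groups hits by host and user, and splits them into time-bounded sequences so a burst of reconnaissance stands out from an isolated `tasklist`.

```python
import json
from datetime import datetime, timedelta

# Constructed sample alerts (not real data). The nested field layout is an
# assumption for this example, loosely modelled on Wazuh Windows event alerts.
SAMPLE_ALERTS = [json.dumps(a) for a in [
    {"timestamp": "2024-05-01T10:00:00+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe", "commandLine": "whoami /all"}}}},
    {"timestamp": "2024-05-01T10:00:12+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe", "commandLine": "net user /domain"}}}},
    {"timestamp": "2024-05-01T10:00:20+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe",
                                    "commandLine": "notepad.exe C:\\Users\\jdoe\\notes.txt"}}}},
    {"timestamp": "2024-05-01T10:00:40+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe", "commandLine": "systeminfo"}}}},
    {"timestamp": "2024-05-01T10:01:05+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe", "commandLine": "ipconfig /all"}}}},
    {"timestamp": "2024-05-01T10:30:00+00:00", "agent": {"name": "SRV02"},
     "data": {"win": {"eventdata": {"user": "CORP\\svc_backup", "commandLine": "tasklist /v"}}}},
    {"timestamp": "2024-05-01T11:00:00+00:00", "agent": {"name": "WS01"},
     "data": {"win": {"eventdata": {"user": "CORP\\jdoe",
                                    "commandLine": "net group \"Domain Admins\" /domain"}}}},
    {"timestamp": "bad"},  # malformed record: must be skipped, not crash the run
]]

# Substring -> discovery category. Order matters: first match wins.
DISCOVERY_PATTERNS = {
    "whoami": "current-user discovery",
    "net user": "account discovery",
    "net group": "group discovery",
    "systeminfo": "system information discovery",
    "ipconfig": "network configuration discovery",
    "tasklist": "process discovery",
    "nltest": "domain trust discovery",
}


def classify(command_line):
    """Return the discovery category for a command line, or None if it is not one."""
    cmd = command_line.lower()
    for pattern, category in DISCOVERY_PATTERNS.items():
        if pattern in cmd:
            return category
    return None


def parse_alert(raw):
    """Pull out the fields the analyst needs; None if the record is malformed."""
    try:
        alert = json.loads(raw)
        ev = alert["data"]["win"]["eventdata"]
        return {
            "time": datetime.fromisoformat(alert["timestamp"]),
            "host": alert["agent"]["name"],
            "user": ev["user"],
            "cmd": ev["commandLine"],
        }
    except (KeyError, ValueError, TypeError):
        return None


def discovery_sequences(raw_alerts, window=timedelta(minutes=5)):
    """Group discovery commands per (host, user) into sequences whose consecutive
    commands are at most `window` apart, and rate each sequence by how many
    distinct categories it spans."""
    events = []
    for raw in raw_alerts:
        parsed = parse_alert(raw)
        if parsed is None:
            continue
        category = classify(parsed["cmd"])
        if category is None:
            continue  # benign process, not part of the reconnaissance picture
        parsed["category"] = category
        events.append(parsed)

    events.sort(key=lambda e: (e["host"], e["user"], e["time"]))
    sequences, current = [], None
    for e in events:
        same_actor = (current is not None and current["host"] == e["host"]
                      and current["user"] == e["user"])
        if same_actor and e["time"] - current["end"] <= window:
            current["end"] = e["time"]
            current["commands"].append(e["cmd"])
            current["categories"].add(e["category"])
        else:
            current = {"host": e["host"], "user": e["user"], "start": e["time"],
                       "end": e["time"], "commands": [e["cmd"]],
                       "categories": {e["category"]}}
            sequences.append(current)

    # Several different discovery techniques in one short window is the
    # pattern worth escalating; a single command on its own is usually noise.
    for s in sequences:
        s["severity"] = "high" if len(s["categories"]) >= 3 else "low"
    return sequences


if __name__ == "__main__":
    for s in discovery_sequences(SAMPLE_ALERTS):
        print(f"{s['severity']:<4} {s['host']}/{s['user']} "
              f"{s['start'].time()}-{s['end'].time()} "
              f"{len(s['commands'])} cmds, {sorted(s['categories'])}")
```

Run as-is, it prints one low-severity line for the lone `tasklist` on SRV02 and two lines for `jdoe` on WS01: a high-severity burst of four commands in just over a minute, and a separate low-severity sequence an hour later that the five-minute window keeps apart. The window and the category threshold are the two knobs to tune against the host role; a domain controller or a jump host will legitimately see some of these commands from administrators, which is exactly the context the lab asks the analyst to establish before escalating.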

Related trainings

Introduction to Forensic Analysis