Merge pull request #6968 from wazuh/enhancement/1486-update-virustota…

…l-malware-detection-capability Add suspicious binary download command
wazuh · Jan 18, 2024 · 9984054 · 9984054
2 parents ffc8536 + 9111242
commit 9984054
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/source/user-manual/capabilities/malware-detection/virus-total-integration.rst b/source/user-manual/capabilities/malware-detection/virus-total-integration.rst
@@ -97,7 +97,22 @@ For this use case, we show how to monitor the folder ``/media/user/software`` on
 
    .. include:: /_templates/common/restart_manager.rst
 
-After restarting, FIM applies the new configuration and monitors the folder you specify in near real time. When FIM detects a new file in the monitored directory, Wazuh generates the alert below:
+After restarting, FIM applies the new configuration and monitors the folder you specify in near real time.
+
+Test the configuration
+^^^^^^^^^^^^^^^^^^^^^^
+
+Now, you can download a malicious file on the endpoint in the monitored folder.
+
+.. warning::
+
+   Download the Eicar file here for testing purposes only. We recommend testing in a sandbox, not in a production environment.
+
+.. code-block:: console
+
+   $ sudo curl -Lo /media/user/software/suspicious-file.exe https://secure.eicar.org/eicar.com
+
+When FIM detects a new file in the monitored directory, Wazuh generates the alert below:
 
 .. code-block:: json
    :class: output