Commit
Add changes from review
javimed committed Oct 21, 2024
1 parent 3265506 commit 1ed186c
Showing 5 changed files with 7 additions and 7 deletions.
6 changes: 3 additions & 3 deletions source/compliance/pci-dss/active-response.rst
@@ -1,14 +1,14 @@
.. Copyright (C) 2015, Wazuh, Inc.
.. meta::
:description: Active response allows the execution of scripts when an event matches certain rules in the Wazuh ruleset. Learn more about it in this section.
:description: Active Response allows the execution of scripts when an event matches certain rules in the Wazuh ruleset. Learn more about it in this section.

.. _pci_dss_active_response:

Active response
Active Response
===============

Active response allows the execution of scripts whenever an event matches certain rules in your Wazuh ruleset. The actions executed could be a firewall block or drop, traffic shaping or throttling, or account lockout, among others.
Active Response allows the execution of scripts whenever an event matches certain rules in your Wazuh ruleset. The actions executed could be a firewall block or drop, traffic shaping or throttling, or account lockout, among others.

The Active Response module helps to meet the following PCI DSS requirement:

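Review bot: the capitalization change is applied consistently across this hunk (the `:description:` meta field, the page title and the opening paragraph), and the 15-character `===============` underline still matches the new 15-character title "Active Response", so the reST heading stays valid. Before merging, check that the `:description:` fields of the other pages touched by this commit (and those it does not touch) use the same spelling, since the meta description is what readers see as the page snippet and a mix of "Active response" and "Active Response" there will be visible.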
2 changes: 1 addition & 1 deletion source/getting-started/use-cases/file-integrity.rst
@@ -89,7 +89,7 @@ The Wazuh FIM module supports various integrations, including but not limited to

- **File integrity monitoring and YARA**: By combining the Wazuh FIM module and the YARA tool, it is possible to detect malware when suspicious file additions or modifications are identified. The YARA rule files contain samples of malware indicators that are downloaded to the monitored endpoints. When the FIM module detects a change in the monitored file or directory, it executes a YARA scan using a script to determine if it is malware. If the YARA rule finds a match with a file, it will send the scan results to the Wazuh server for decoding and alerting. This would be reported according to the custom rule and decoder configurations configured on the Wazuh server. Check this documentation for more information on :doc:`how to integrate the Wazuh FIM module with YARA </user-manual/capabilities/malware-detection/fim-yara>`.
- **File integrity monitoring and VirusTotal**: The Wazuh :doc:`Integrator module </user-manual/reference/ossec-conf/integration>` connects to external APIs and alerting tools such as VirusTotal. The :doc:`VirusTotal integration </user-manual/capabilities/malware-detection/virus-total-integration>` uses the VirusTotal API to detect malicious file hashes within the files and directories monitored by the FIM module. Once enabled, when FIM generates alerts, Wazuh initiates the VirusTotal integration to extract the hash value associated with the flagged file from the alert. The VirusTotal API is then used to compare these hashes against its scanning engines for potentially malicious content.
- **File integrity monitoring and active response**: The :doc:`Wazuh Active Response </user-manual/capabilities/active-response/index>` module automatically responds to threats identified in a timely manner. This combination enables the FIM module to not only detect but also respond to malicious activities. You can configure active response scripts to execute when the FIM module detects file changes in your monitored environment. Additionally, it also generates alerts for the response performed. This reduces the Mean Time To Respond (MTTR) as malicious changes detected are remediated in a timely manner.
- **File integrity monitoring and Active Response**: The :doc:`Wazuh Active Response </user-manual/capabilities/active-response/index>` module automatically responds to threats identified in a timely manner. This combination enables the FIM module to not only detect but also respond to malicious activities. You can configure active response scripts to execute when the FIM module detects file changes in your monitored environment. Additionally, it also generates alerts for the response performed. This reduces the Mean Time To Respond (MTTR) as malicious changes detected are remediated in a timely manner.

In the image below Wazuh triggers when a file is added to the monitored endpoint. The VirusTotal API scans the file and identifies it as malicious content on 55 engines. Then the Wazuh Active Response module acts immediately to remove the threat from the monitored endpoint.

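Review bot: the bullet title is capitalized to "Active Response", but "You can configure active response scripts to execute" later in the same bullet stays lowercase. If the convention is that "Active Response" names the module while "active response scripts" or "active response action" are generic nouns, this is correct as written; if the intent is to capitalize the term everywhere, that phrase needs the same change. Either way, stating the rule once (for example in the docs style guide) will keep follow-up edits consistent.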
@@ -10,7 +10,7 @@ Leveraging LLMs for alert enrichment

YARA is a tool that detects and classifies malware artifacts. While YARA can identify known patterns and signatures of malicious activity, human intervention is often required to interpret and contextualize the output of YARA scans. ChatGPT is a generative AI chatbot developed by OpenAI. It provides users with various LLMs to process data. These LLMs can analyze and enrich YARA alerts with additional context, providing security teams with deeper insights into the nature and severity of detected threats.

In this use case, we integrate Wazuh with YARA to detect when a malicious file is added to a monitored endpoint. The integration utilizes the Wazuh :doc:`FIM </user-manual/capabilities/file-integrity/index>` module to monitor a directory for new or modified files. When a file modification or addition is detected, the Wazuh :doc:`Active Response </user-manual/capabilities/active-response/index>` module triggers a YARA scan on the file. The Active response module automatically deletes the malicious file from the endpoint if it has a positive match with a malicious signature. The Active Response module then queries ChatGPT to enrich the YARA scan result with additional insight into the malicious file that helps security teams understand its nature, potential impact, and remediation.
In this use case, we integrate Wazuh with YARA to detect when a malicious file is added to a monitored endpoint. The integration utilizes the Wazuh :doc:`FIM </user-manual/capabilities/file-integrity/index>` module to monitor a directory for new or modified files. When a file modification or addition is detected, the Wazuh :doc:`Active Response </user-manual/capabilities/active-response/index>` module triggers a YARA scan on the file. The Active Response module automatically deletes the malicious file from the endpoint if it has a positive match with a malicious signature. The Active Response module then queries ChatGPT to enrich the YARA scan result with additional insight into the malicious file that helps security teams understand its nature, potential impact, and remediation.

Infrastructure
--------------
@@ -68,7 +68,7 @@ Wazuh server
- ``<command>``: Specifies the command to configure. This is the command name ``disable-account`` defined in the previous step.
- ``<location>``: Specifies where the command executes. Using the ``local`` value here means that the command executes on the monitored endpoint where the trigger event occurs.
- ``<rules_id>``: The Active Response module executes the command if rule ID ``120100``: ``Possible password guess on $(dstuser): 3 failed logins in a short period of time`` fires.
- ``<timeout>``: Specifies how long the active response action must last. In this use case, we configure it to last for 300 seconds. After that period, the active response reverts its action and re-enables the account.
- ``<timeout>``: Specifies how long the active response action must last. In this use case, we configure it to last for 300 seconds. After that period, the Active Response reverts its action and re-enables the account.

#. Restart the Wazuh manager service to apply changes:

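Review bot: the changed `<timeout>` line is now inconsistent with itself: "how long the active response action must last" stays lowercase while "the Active Response reverts its action" is capitalized, and "the Active Response reverts" reads as if the module name were being used as a bare noun. Suggest either keeping the generic form, "After that period, the active response reverts its action and re-enables the account", or naming the module explicitly, "After that period, the Active Response module reverts its action and re-enables the account", which matches "The Active Response module executes the command" in the `<rules_id>` bullet just above.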
2 changes: 1 addition & 1 deletion source/user-manual/capabilities/active-response/index.rst
@@ -26,7 +26,7 @@ The Wazuh Active Response module executes these scripts on monitored endpoints w
The image below shows the Active Response workflow.

.. thumbnail:: /images/manual/active-response/active-response-workflow.png
:title: Active response workflow
:title: Active Response workflow
:align: center
:width: 100%


0 comments on commit 1ed186c