Wazuh SIEM & XDR Agent Installation - Virtual Lab Building Series: Ep9
- Published 8 Jun 2022
- Hey all and welcome to my channel! In Episode 9 of our cyber security virtual lab building series, we are going to install and explore the Wazuh Security Platform which is a SIEM (Security Incident & Event Management) platform, as well as its Linux and Windows XDR/EDR agents.
In this lab we will look at how to deploy the prebuilt Wazuh OVA image into VirtualBox, VMware and Hyper-V and configure its static IP address, connecting it to our lab network. We will then deploy Wazuh agents to our Ubuntu 20.04 server as well as our Windows 10 Pro desktop.
This video is the first addition to our Security Operations Center (SOC) building series, so please don't forget to turn on notifications so you can be immediately notified of future videos. Next up is the installation of TheHive, MISP and Cortex, so don't miss it!
If you have been enjoying this series so far, please don't forget to like and subscribe!
Links used in video:
wazuh.com/
docs.vmware.com/en/VMware-vSp...
documentation.wazuh.com/curre...
Commands Used:
ip add
sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0
Shift+ :wq (save and quit)
sudo systemctl restart network
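As an added example (not from the video or the Wazuh project), this script renders the static configuration that the edit to ifcfg-eth0 above requires and rejects malformed input before it reaches the file. The addresses are constructed lab values, and `valid_ipv4` and `render_ifcfg` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: render a static ifcfg-eth0 for the Wazuh OVA.
# All addresses below are constructed lab values, not taken from the video.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# render_ifcfg ADDR PREFIX GATEWAY: print the file, or fail on bad input.
render_ifcfg() {
    valid_ipv4 "$1" && valid_ipv4 "$3" || { echo "bad address" >&2; return 1; }
    case "$2" in ''|*[!0-9]*) echo "bad prefix" >&2; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 32 ] || { echo "bad prefix" >&2; return 1; }
    # BOOTPROTO=none turns DHCP off so the address below is used as-is.
    cat <<EOF
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
IPADDR=$1
PREFIX=$2
GATEWAY=$3
EOF
}

# Constructed example: host .20 on a /24 lab network with gateway .1
render_ifcfg 192.168.56.20 24 192.168.56.1
```

After placing the output in /etc/sysconfig/network-scripts/ifcfg-eth0 and restarting the network service, `ip add` should show the new address on eth0.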
Usernames and Passwords:
Username: wazuh-user
Password: wazuh (all lower case)
Dashboard: admin/admin
NOTE: I am not sponsored by or affiliated to any of the products or services mentioned in this video, all opinions are my own based on personal experiences.
DISCLAIMER: All information, techniques and tools showcased in these videos are for educational and ethical penetration testing purposes ONLY. NEVER attempt to use this information to gain unauthorized access to systems without the EXPLICIT consent of its owners. This is a punishable offence by law in most countries.
#CybserSecurity #Wazuh #SIEM
I was always curious about gaining practical hands-on knowledge in the cyber security sector. Though there are too many tutorials on theoretical lectures, I never found a tutorial on practical demonstration of cyber security practices UNTIL I FOUND THIS PLAYLIST, THANK YOU : )
very prescriptive and easy to follow - well done.
Wonderful, i am learning quite a lot from this video..
Thank you so much !!!!
that was a good video straight to the point thns subed
i love you bro thanks.!
Glad I could help!
@ls111cyberEd but there is a small problem ("when i try to make static ip addresses to my machines in hyper-v they can't connect")
Thanks ✅👍👍✅
can i run it on ubuntu server as my device has less ram so i can give less ram to the server
I was hoping to see how to setup the XDR component. Got disappointed. Please update your title.
hi Laal Hope you are doing well...
can you make a tutorial that how to integrate OPNSense Firewall with Wazuh...
Thanks in advance...
Good idea! will add it to my list of future video ideas, thanks
Why does the Apache default page open every time I try?
can you share the link for the Ubuntu server image?
Hi, you can find the latest .iso here:
ubuntu.com/download/server
Why use HyperV now? If the previous videos were with VirtualBox :c
Thanks for watching, I gave 3 options, VirtualBox being the first and easiest one to accomplish. You download the .ova and simply click "import appliance" in VirtualBox, and you will have a Wazuh running in minutes. I chose to include Hyper-V in this lab because I feel it's important to expose oneself while learning to various different technologies because in the real world especially in big business, you are more likely to run into Hyper-V or VMWare/ESXi before you see VirtualBox. There is no better and safer way to learn these technologies than to play around with them in your home lab.
Hello .. I did follow you but i'm getting the error "wazuh dashboard server is not ready yet" >> any recommendation?
Hello, it sometimes does this when first starting up and all the services have not fully loaded yet. Give it a few minutes and try again.
@Federico Pacher Federico, You are a gentleman and a scholar.
The message "Dashboard server is not ready yet" can be produced for one of the following reasons:
- Your service or wazuh-dashboard configuration has some error that causes it to constantly reboot.
- Your wazuh-indexer service is not up or has some error.
- Host resources are insufficient. (To host the wazuh-indexer and wazuh-dashboard services, I recommend that you dedicate at least >4 GB of RAM and 2 CPU cores.)
Try to check the status of the wazuh-indexer and wazuh-dashboard services and also check if the hardware resources are sufficient.
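The checks suggested above, as an added example that is not part of the original comment or the Wazuh project: a triage script that reads the state of both services and compares RAM and CPU count against the 4 GB / 2 core figure. The function names are hypothetical, and the script assumes a systemd host with /proc/meminfo.

```shell
#!/bin/sh
# Added example: triage for "Wazuh dashboard server is not ready yet".
# Threshold from the comment above (>4 GB RAM, 2 cores). A VM assigned
# exactly 4 GB reports a little less in MemTotal and is flagged.
MIN_RAM_KB=$((4 * 1024 * 1024))
MIN_CPUS=2

# ram_ok FILE: succeed if MemTotal in a /proc/meminfo-style file is enough.
ram_ok() {
    total_kb=$(awk '/^MemTotal:/ {print $2}' "$1" 2>/dev/null)
    [ -n "$total_kb" ] && [ "$total_kb" -ge "$MIN_RAM_KB" ]
}

# cpus_ok N: succeed if N CPU cores is enough.
cpus_ok() { [ "${1:-0}" -ge "$MIN_CPUS" ]; }

# state_of UNIT: print the systemd state ("active", "failed", ...).
# A unit stuck in a restart loop usually reports "activating".
state_of() {
    s=$(systemctl is-active "$1" 2>/dev/null) || true
    echo "${s:-unknown}"
}

# diagnose INDEXER_STATE DASHBOARD_STATE MEMINFO_FILE NCPU
# Prints one line per finding, one for each reason listed above.
diagnose() {
    findings=0
    if [ "$1" != "active" ]; then
        echo "wazuh-indexer is $1: run journalctl -u wazuh-indexer"
        findings=$((findings + 1))
    fi
    if [ "$2" != "active" ]; then
        echo "wazuh-dashboard is $2: run journalctl -u wazuh-dashboard"
        findings=$((findings + 1))
    fi
    if ! ram_ok "$3" || ! cpus_ok "$4"; then
        echo "host resources below 4 GB RAM / 2 CPU cores"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "all checks pass: wait a few minutes, retry"
    return 0
}

diagnose "$(state_of wazuh-indexer)" "$(state_of wazuh-dashboard)" \
    /proc/meminfo "$(nproc 2>/dev/null)"
```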
where can i download the .vmdk file for hyper v?
Thanks for watching, you will use the same .ova, however, you will need to extract the .vmdk file from it using 7-Zip and convert it to .vhd for Hyper-V using the VirtualBox Management tools as I have shown in the video from 7:00 onward.
wazuh 4.3.1 ???
Thanks for watching. Yes, 4.3.1 was the latest version at the time of this recording. The same setup should apply for version 4.3.6 that was released in July 2022.
you have cut quite a lot of corners for beginners bro
Thanks for the feedback, to help me make better content, what would you have liked to see included in these videos that I have missed?
@ls111cyberEd bro your setting up videos are like for pros. If you can include troubleshooting, OS being used and some basic pre-reqs it will be helpful
noted, thanks 👍
@ls111cyberEd Just to be clear, I am a beginner here and this was very easy to follow. The only issue I ran into following this video was when I tried to run net start wazuhsvc it came up with name invalid, I uninstalled and reinstalled the agent and reran the ps script. Then I realized it was just net start wazuh. Still super easy to follow so not sure what this person is talking about. I would love to see their video though. o..O
Thanks for watching! I appreciate the support.