Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
The presentation is excellent, giving real examples, not like the vast majority of UA-camrs who say what is theoretical and that's it. It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc. Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated. Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure. Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted. Still, the necessity of lurking into dozen of configuration scripts is the problem. You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own. Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about. You yourself faced with the installation issue. I cannot declare it is the norm, but sometimes it is frequent. Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead. I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
Been meaning to deploy this project since you posted over a year ago. Happy I stayed up late and got it up in the home lab. Can't wait to take this to work and impress all the plebs. Thanks for the hand hold John, it's always nice to walk through the weeds with a friendly face, even if this one was easier than configuring a static IP for netplan on any newer Ubuntu distro.
thank you for showcasing and going along with the official documentation, many (most) UA-cam content creators will make a video that goes just repeats the official guidelines, and will pretend it's "their own know how" without mentioning where they got the info from, super annoying! And for you, Mr John Hammond, - my deep respect for both the content you do, and also how you do it.
Very cool tool. I'm going to try this out. Would also highly recommend that everyone reads at least a few of the CIS Benchmark PDFs to harden your system manually. It's actually very fun to do it all the way through.
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
@@RTCW-ET-MOVIESI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
@@RTCW-ET-MOVIES for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
Instant like and suscribe. However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
*gives a round of applause* I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent'). That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol Your the man J.H.!!! Appreciate all of your efforts in sharing all you do!!! I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content. Thanks again John Josh...
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago. I'd like to see videos on feeding network device logs into the Wazuh. And also address how to handle retention of logs and events.
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D Thanks for the vid!
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address. Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
Babies first SIEM/EDR/XDR. Did my senior project on Wazuh. Since then I have graduated to CrowdStrike where I work but Wazuh still holds a special place in my heart
I’m doing my senior project right now for my bachelors in cybersecurity and was thinking about doing something with Wazuh since we use it at work! Would you be willing to connect and talk more about what your project was like?
This seems like a really useful and interesting SIEM tool. It does however suffer from the main problem infecting all Linux projects. Making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't i change these settings through the web-ui?
Thank you John and thank you Wazuh for sponsoring this video. You now have a new subscriber!!! I am most definitely sold!!! You can create a project from this video alone and showcase it on your resume' or portfolio. Thanks again for sharing!!!!
Hi John. Thanks for the introduction. Nevertheless, could you please make a video in which you explain how we can monitor the outbound and inbound traffic for an agent? I want to be able to see the IP addresses, the URLs that an agent is checking and so on. Thank you.
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
Hey John, Any plans to redo your Wazuh overview/tutorial on v4.8.0 of the App. Since their complete overhaul of the GUI, some settings are virtually impossible to find or correlate to your presentation. Cheers!
wazuh: how many graphs and charts do you want? me: yes great i got a simple at home server and installed wazuh. I love this video straight to point thank you.
Yours was an excellent presentation. Sadly, what I saw while following your instructions didn't match what you saw, starting at the "Install agent" page. Unfortunately, there wasn't enough information for me to figure out where things went wrong.
I had a little laugh at this when watching. Great video. However when you said most of our servers are Linux I went, "oh, are they?" I have been working n the small business sector in Australia for 40 odd years and I think I could still count the amount of production servers I've seen running Linux on one hand, (ok maybe that's an exaggeration, but you get the point). This seems like an awesome platform. Currently I Google how to do stuff on Linux cos I don't use it enough to remember things. However, it seems I am going to have to finally bite the bullet and learn how to set up and manage a Linux VM on my Hyper-V server ...😑
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Great video. Thank you. I'm curious how relevant this software is today (in comparison to other products on the market)? Thanks again, and keep on doing what you're doing.
Thank you for this video been looking for some way I can learn hands on SOC skill at home. I would like to apply this to my home network. Question can I have the service on VirtualBox and still monitor my home network? If so what would I set the Network Adapter to? Thank you.
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
DO IT!! I was playing with this for a little bit and got stuck on the alerts. I was thinking of doing something cool like creating a discord chat for alerts. Make my life easier please!!
Why are so many asking questions that are just a 'control/command + F' away in the official docs? That's why systems keep getting compromised: cause ppl are too lazy to think!
Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
I gree and am very hopeful, but time is the problem...
I think one can't spend all day long working on computers and in the free time doing the same.
Until wazuh gets a bigger user base then they will screw everyone over like nessus and rapid7. ill bet money on it.
@@xelerated yeah honestly it's a great platform, offering siem, and threat hunting Capabilities.
The presentation is excellent, giving real examples, not like the vast majority of UA-camrs who say what is theoretical and that's it.
It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc.
Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated.
Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure.
Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted.
Still, the necessity of lurking into dozen of configuration scripts is the problem.
You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own.
Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about.
You yourself faced with the installation issue.
I cannot declare it is the norm, but sometimes it is frequent.
Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead.
I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
Hi brother I was wondering if I can contact you another way to learn about cybersecurity
Been meaning to deploy this project since you posted over a year ago. Happy I stayed up late and got it up in the home lab. Can't wait to take this to work and impress all the plebs. Thanks for the hand hold John, it's always nice to walk through the weeds with a friendly face, even if this one was easier than configuring a static IP for netplan on any newer Ubuntu distro.
thank you for showcasing and going along with the official documentation, many (most) UA-cam content creators will make a video that goes just repeats the official guidelines, and will pretend it's "their own know how" without mentioning where they got the info from, super annoying! And for you, Mr John Hammond, - my deep respect for both the content you do, and also how you do it.
The Seth Rogen of Cyber Security.
Fact!
Bruh I thought I was the only one , even his laugh
This is incredible
💀
Fellow Jewish brother, Seth Rogen, and fellow Seth.
I'm actually amazed at the amount of tools and services Wazuh can provide. Also, thank you Josh, that was very well presented.
josh?
Very cool tool. I'm going to try this out. Would also highly recommend that everyone reads at least a few of the CIS Benchmark PDFs to harden your system manually. It's actually very fun to do it all the way through.
@JohnHammond I'm glad you're able to do all these cool videos that feature various tools, but I miss the days of solving CTF's in the long form format
wach kho cv
Money talks. Long format brings only enthusiastic people together while the other format is more click-baity.
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
This video probably saved an organization from getting hacked. Thanks!
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
Wazuh is great. i use it as part of a larger security offering.
Nice deeper dive. One thing that would be great to see is vulnerability auto remediation.
Agreed. This would be my use case scenario.
@@RTCW-ET-MOVIESI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
We have been using this for sometime, it’s excellent!!
Yes please more tutorial video with Wazuh. And thank you so much for sharing your knowledge with Wazuh. Love your work
Talk about timing. I just reinstalled mine after a Linux Upgrade bricked the dashboard. As always, thanks for the clairvoyant topic post.
I just added this to my home network this week. It's awesome.
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
Thanks I think I was just thinking about doing something like this minus the kubernetes
What is going to be your resolution for resolving this?
@@RTCW-ET-MOVIES for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
@@xanzutdo we have this solution documented anywhere ?
@@amjads8971 I don't find any documentation about this case, even in wazuh documentation only mention monitoring docker via docker socks
Fantastic video John, great to see Wazuh getting the exposure it deserves!
Instant like and suscribe.
However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
*gives a round of applause*
I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent').
That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol
Your the man J.H.!!!
Appreciate all of your efforts in sharing all you do!!!
I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content.
Thanks again John
Josh...
I’m gonna set this up in my company first thing tomorrow morning it’s frickin awesome and free!
Love it John! Keep it up! I am setting up Wazuh along with you.👍
Great video! Please create a series about this tool! It will help us a lot!
This is incredible. Thanks so much for making me aware of this and doing a deep dive. I can't wait to set this up in my lab. Appreciate you.
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago.
I'd like to see videos on feeding network device logs into the Wazuh.
And also address how to handle retention of logs and events.
Just completed this room on THM and was awesome.
Honestly this kind SIEM deployment and testing is one of my favorite's topics. Thanks @JohnHammond
Thanks. Watching it again and doing the install on my Ubuntu VM running on Proxmox.
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
100% agree with all the folks who want to see the series of instructional videos. great topic.
Will deploy this in my company. Learned lot of things
I love your enthusiasm. Subscribed!
Great work, excellent video!
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D
Thanks for the vid!
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address.
Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
This is not needed. only the wazuh host/server/node needs a fixed ip.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
@@festivusfortherestivus the agents connect to the host, unlike a decentralized system.
Waiting next video about wazuh…. Make our homelabs secure!
Thank you for the reminder about this. chuck made a video on this and I tried to set it up and failed. But your video it helped and I got it set up
I've been managing Wazuh for 2 years now. ama ❤
CIS Benchmark is something outstanding in this wazuh setup all other things are similar to other EDR solutions.
You killed this video!!! Got me interested in so many things all at once. Thank you brother!
Best video to date, and that's saying something! Really awesome!!
I was so lost trying to set up my practice homelab project, all the videos i watched didn't work for me. Asante John!
Thanks for doing this video. Also, thanks for talking at us like this. Makes it all seem more genuine and really drives the point home!
I subbed. Great vid! Gonna set it up on my raspi 4b 👍
Also love the all black background, ...Very easy on the eyes, especially on my iPad.
Thanks so much, first video I watched by you and complete whole thing, I really love the incident response aspect of Wazuh.
Babies first SIEM/EDR/XDR. Did my senior project on Wazuh. Since then I have graduated to CrowdStrike where I work but Wazuh still holds a special place in my heart
I’m doing my senior project right now for my bachelors in cybersecurity and was thinking about doing something with Wazuh since we use it at work! Would you be willing to connect and talk more about what your project was like?
Great video! I would love to see more on this. Maybe IDS and unauthorized processes?
There is a Proof of Concept, POC guide on their website, very helpful.
Ooh this sounds amazing. I am sharing with my team
This seems like a really useful and interesting SIEM tool. It does however suffer from the main problem infecting all Linux projects.
Making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't i change these settings through the web-ui?
Thank you John and thank you Wazuh for sponsoring this video. You now have a new subscriber!!! I am most definitely sold!!! You can create a project from this video alone and showcase it on your resume' or portfolio. Thanks again for sharing!!!!
10/10
Intend on doing as a project for my cyber security resume.
Yes, it's incredible 😍😍. Thanks for sharing 😊😊
Very informational. World record for use of the superfluous Americanism "go ahead" in one video.
Kudos to you. You made look so simple. Your virtual boxes are running faster.
Can you please use the update version. The ui changed to the point, I am confused where is where.
This is so cool. I have a mini PC that I installed this on and will run it as my SIEM server.
Hi John. Thanks for the introduction. Nevertheless, could you please make a video in which you explain how we can monitor the outbound and inbound traffic for an agent? I want to be able to see the IP addresses, the URLs that an agent is checking and so on. Thank you.
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
Hey John,
Any plans to redo your Wazuh overview/tutorial on v4.8.0 of the App.
Since their complete overhaul of the GUI, some settings are virtually impossible to find or correlate to your presentation.
Cheers!
That was amazing. Looking forward to the next part
Just awesome is Wazuh, and so are you, bro. You make this seem so simple and explain it very nicely. Thanks a lot...
This is like 90% above my head, but it was very interesting. Thanks for sharing
Loved it. Please do more about this!
It is an amazing thing :) thanks for sharing it with us I am very excited to see more showcases videos about Wazuh from you.
Such a great demonstration. 😎
This is GOLD. Thank you John.
How can you use Wazuh for monitoring IOT devices?
Fantastic stuff and very insightful, and thanks for sharing. Looking forward for more OpenSource tools for home and enterprise.
💯
Awesome. Thanks for the presentation. i think i´ve seen the light!!!
I hope you do make some more wazuh videos! I just started using it at home and really like it. There's a lot to dig into!
thank you john for your efforts.
please can you do more video's about wazuh
wazuh: how many graphs and charts do you want?
me: yes
great i got a simple at home server and installed wazuh. I love this video straight to point thank you.
Perfect timing for this video. Thanks!
Yours was an excellent presentation. Sadly, what I saw while following your instructions didn't match what you saw, starting at the "Install agent" page. Unfortunately, there wasn't enough information for me to figure out where things went wrong.
i love your positivity :)
Hi John, thanks a lot for sharing with us your knowledge! Please made more videos about wazuh! Cheers
blew my mind, too! this is way cool! thanks John!
I had a little laugh at this when watching. Great video. However when you said most of our servers are Linux I went, "oh, are they?" I have been working n the small business sector in Australia for 40 odd years and I think I could still count the amount of production servers I've seen running Linux on one hand, (ok maybe that's an exaggeration, but you get the point). This seems like an awesome platform. Currently I Google how to do stuff on Linux cos I don't use it enough to remember things. However, it seems I am going to have to finally bite the bullet and learn how to set up and manage a Linux VM on my Hyper-V server ...😑
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Yes, you can modify the default agent ossec.conf on the server and it will deploy it to the agents when they are enrolled.
What's the catch? I've been looking into this and it all seems to good to be true!
wow, this is like having a master chief suit
Great video. Thank you. I'm curious how relevant this software is today (in comparison to other products on the market)? Thanks again, and keep on doing what you're doing.
Thank you for this video been looking for some way I can learn hands on SOC skill at home. I would like to apply this to my home network. Question can I have the service on VirtualBox and still monitor my home network? If so what would I set the Network Adapter to? Thank you.
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
Thanks a lot for this great demonstration. Gonna try everything showed
oh John Oh John....You are simply amazing. Great work
this is amazing....you are amaziing....thank you!!!
DO IT!! I was playing with this for a little bit and got stuck on the alerts. I was thinking of doing something cool like creating a discord chat for alerts. Make my life easier please!!
Fantastic video on a complex subject. Detailed enough without going down a rabbit hole of confusion. :)
looks great. good video.....but surely it can restart agents om the client side?
Why are so many asking questions that are just a 'control/command + F' away in the official docs? That's why systems keep getting compromised: cause ppl are too lazy to think!
Do you know if there is a way to monitor firewalls and network equipment?
One of these days John is going to spin up a Security Onion VM...
Your a god in Cyber security.GODTRON
Built on OSSEC and doesn't scale or work well for large cloud environments with a lot of ephemeral workloads.