What I am looking at is shipping logs in syslog format from Wazuh Server to Security Onion and correlating; otherwise, configuring hundreds of agents in this way may not be practical for larger deployments.
@bilaichacha8388 My webserver is from Amazon and it has a public IP address. However, my Security Onion is local and doesn't have an IP address. How can I connect the webserver to Security Onion?
@mohammednasser2669 You will likely have to tunnel into your local network or port forward those two Wazuh ports on your router to target your Security Onion. You mentioned your Security Onion doesn't have an IP, but that doesn't really make sense to me. So forward to the IP of the Onion, which is your public IP or local IP for the tunnel.
Can you do a test of Security Onion 2.4?
At 7:43, on the alerts page under event.module, why are we not seeing wazuh as the module name? Why are we seeing OSSEC?
Does anyone know if adding Wazuh is possible on Security Onion 2.4?
Sir, I'm still unable to take logs of Ubuntu on Security Onion.
Please help.
Did you manage?
I love you