- Videos 20
- Views 29,543
Cyber Tool Guardian
India
Added 13 Sep 2023
Sending Wazuh Alerts to Elasticsearch
Hey everyone, in this video let's see how we can send Wazuh alerts to Elasticsearch using Logstash on an Ubuntu machine.
Find the process in the medium: medium.com/@cybertoolguardian/sending-wazuh-alerts-logs-to-elasticsearch-db1743454534
Subscribe for more such videos.
Check medium profile: medium.com/@cybertoolguardian
Blogger: cybertoolguardian.blogspot.com
Mail: cybertoolguardian@gmail.com
Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA==
Views: 506
Videos
Complete Guide to OpenSearch
Views 661, 5 months ago
Welcome to a comprehensive tutorial that takes you on a journey through the intricate setup of OpenSearch and sending Zeek logs using Logstash. Check out the following Medium posts: Installing and Setting up OpenSearch: medium.com/@cybertoolguardian/installing-and-setting-up-opensearch-6fbf88b544ec Installing and Setting up OpenSearch-Dashboards: medium.com/@cybertoolguardian/installing-and-sett...
Blocking Malicious IPs using Suricata
Views 277, 5 months ago
Hey everyone, in this video we will see how we can block malicious IPs using Suricata. Check out the documentation at: medium.com/system-weakness/blocking-malicious-ips-using-suricata-3c94a9af3d17 Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA
Sending Suricata Logs to Wazuh
Views 2.4K, 6 months ago
Hey everyone, in this video we will see how we can send Suricata logs to Wazuh. Check out the documentation at: medium.com/@cybertoolguardian/sending-suricata-logs-to-wazuh-80a8c2830b8a Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA
Setting Up Wazuh in Ubuntu
Views 342, 6 months ago
Hey everyone, in this video we will see how we can set up Wazuh in Ubuntu. Check out the documentation at: medium.com/@cybertoolguardian/setting-up-wazuh-in-ubuntu-0f92eb1c827b Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA
Setting up Suricata IDS/ IPS in Ubuntu
Views 1K, 6 months ago
Hey everyone, in this video we will see how we can set up an IDS/IPS in Ubuntu using Suricata. If you want to see how to write custom rules in Suricata, let me know in the comments. Check out the documentation at: medium.com/@cybertoolguardian/setting-up-a-idp-ips-in-ubuntu-0408d7ad3e42 Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA
Sending Zeek logs to OpenSearch using Logstash
Views 494, 8 months ago
In this video, we will discuss how to send Zeek logs to OpenSearch. Zeek installation: ruclips.net/video/x_AzT1lvxgs/видео.html OpenSearch: ruclips.net/video/4LMpWmW52T8/видео.html OpenSearch-Dashboards: ruclips.net/video/kABS1fCoxDg/видео.html Check out the detailed guide: medium.com/@cybertoolguardian Follow us on Instagram: cybertoolguardian?igshid=MzRlODBiNWFlZA
Installation of OpenSearch Dashboards in Ubuntu
Views 999, 9 months ago
In this video let us see how to install and set up OpenSearch Dashboards in Ubuntu. I will be using Ubuntu Server running as a VM. Please click that subscribe button, it will really help me. Medium Blog: medium.com/@cybertoolguardian/installing-and-setting-up-opensearch-dashboards-78b540905a29 Official documentation: opensearch.org/docs/latest/install-and-configure/install-opensearch/inde...
Zeek Installation in Ubuntu Easy Method
Views 1.3K, 9 months ago
Hey guys, in this video we have discussed how to install Zeek in Ubuntu in detail and how to generate the logs. Zeek is an open-source protocol analyzer and network security monitoring tool; Zeek was once known as Bro. It is intended to assist enterprises with real-time network traffic monitoring and analysis, offering information on network activity, potential security risks, and performance ...
Installation of OpenSearch in Ubuntu
Views 2.8K, 11 months ago
In this video let us see how to install and set up OpenSearch in Ubuntu. I will be using Ubuntu Server running as a VM. Please click that subscribe button, it will really help me. OpenSearch Medium Blog: medium.com/@cybertoolguardian/installing-and-setting-up-opensearch-6fbf88b544ec Official documentation: opensearch.org/docs/latest/install-and-configure/install-opensearch/index/ Follow u...
Complete Guide to ELK Installation, Zeek Integration, and X-Pack Configuration
Views 1.8K, 1 year ago
Welcome to a comprehensive tutorial that takes you on a journey through the intricate setup of the ELK (Elasticsearch, Logstash, Kibana) Stack, along with the integration of Zeek and the configuration of X-Pack features.
00:00 ELK installation and configuration
08:46 X-Pack configuration
14:28 Zeek installation
24:25 Sending Zeek logs using Filebeat
34:05 Deploying Fleet server and sending Zeek lo...
Deploying a Static Webpage Using Pages In Cloudflare *For Free*
Views 80, 1 year ago
In this step-by-step tutorial, we'll see how to deploy a static webpage on Cloudflare Pages and connect it to your very own domain name. Whether you're a beginner or experienced with Cloudflare, this guide will walk you through the entire process, from setting up your server to configuring DNS settings. By the end of this video, you'll have a fully functional static website accessible through ...
Elastic Agents, Fleet Server, sending zeek logs to ELK
Views 1.3K, 1 year ago
In this video, we will see how to deploy the Fleet server and Elastic Agent to send Zeek logs to ELK. Zeek installation: ruclips.net/video/YxvKCMuaoXA/видео.html ELK installation: ruclips.net/video/roJQ-7F_Vgg/видео.html X-Pack security: ruclips.net/video/A36iSuk7s44/видео.html Zeek and Filebeat: ruclips.net/video/L5dj4cGgIIA/видео.html Check medium profile: medium.com/@cybertoolguardian Blogge...
Sending Zeek logs to ELK using Filebeats
Views 1.6K, 1 year ago
In this video, we will discuss how to send Zeek logs to Kibana using Filebeat. Zeek installation: ruclips.net/video/YxvKCMuaoXA/видео.html ELK installation: ruclips.net/video/roJQ-7F_Vgg/видео.html X-Pack security: ruclips.net/video/A36iSuk7s44/видео.html Documentation: cybertoolguardian.blogspot.com/2023/09/sending-zeek-logs-to-elk-using-filebeats.html medium.com/@cybertoolguardian/c66b4bea35a...
Installing ELK stack in Ubuntu (Elasticsearch, Logstash, Kibana)
Views 8K, 1 year ago
Deploying web server in AWS and linking to a domain name
Views 69, 1 year ago
Deploying VPN server in AWS using OpenVPN
Views 69, 1 year ago
Installing Zeek in Ubuntu step-by-step
Views 5K, 1 year ago
Is there no configuration for Logstash? My Logstash doesn't seem to do its thing, though it is running.
For this particular video there is no configuration for Logstash; based on the logs you would like to send, you can configure it. Check out other videos from the channel, you will find a Logstash configuration.
What terminal are you using?
I'm using the Mac terminal to SSH into an Ubuntu machine.
@CyberToolGuardian Does it matter if it's Mac or Windows?
It doesn't matter if you are using Mac or Windows to SSH into an Ubuntu machine, but yes, make sure of the architecture of the CPU you are using.
Can you implement ELK Stack SIEM on , I want to create a SIEM model on cloud or hybrid cloud, please.
Thanks, but in the JVM options you should add Xms512m, not two Xmx512.
Thanks for pointing that out, this is already corrected in the other video.
Where is the link to the Medium commands?
The link is in the description.
Nice content, bro!
It’s absolutely wonderful that you know about this! If Wazuh is deployed in an all-in-one model, the available version would only be 4.5. But with the method you’ve shown, we can use Wazuh version 4.9. I'm still a student and have very little experience in setting up a Wazuh server node and an Elastic node, then connecting both through Logstash. I stumbled upon your channel - truly my savior. Thank you so much, I really appreciate and admire you!
Glad that the video was helpful, please consider subscribing to the channel and sharing it.
Can you make a video on responding to network attacks with Suricata and Wazuh XDR?
Can you tell exactly what you are asking, or drop a mail?
I love u. Ty so muchhhhh ❤❤❤
After I pasted the 2 statements "xpack.security.enabled: true xpack.security.authc.api_key.enabled: true" into the elasticsearch.yml file, then reloaded Elasticsearch, I got this error: "{"statusCode":503,"error":"Service Unavailable","message":"License is not available."}". How can I fix it? My error is exactly the same as at 2:17.
Hey, I'm not exactly sure why this is happening, can you send me a mail with a screenshot at cybertoolguardian@gmail.com
@CyberToolGuardian I have sent you an email, check your email sir.
Can you make a video showing how to integrate Wazuh and ELK? Thank you very much <3
Can you be specific about how you want to integrate both of them?
@CyberToolGuardian I want to see the Wazuh alerts collected in Kibana. You can refer to "Elastic Stack integration"; I watched it and didn't understand how they instructed. I hope you can make a video about it as soon as possible. Thank you so much again.
Please make a video on how to install on Windows.
Thanks for the video, it helped me to understand I need to change the configuration files after the initial installation. I was unable to connect from a different client to the server.
Glad it helped
Hey, I have a question. I'm trying to build an IDS using Suricata, Filebeat, Elastic and Kibana. I'm using 2 VMs right now: the 1st has Kibana + Elastic, and the second has Suricata + Filebeat. I want to add Wazuh to this architecture to monitor the second VM. Should I install the manager in VM1 and the agent on VM2? Or should I install the manager directly in VM2 and use it to monitor the machine itself? Thank you in advance.
Install it on a separate VM if you ask me, because that will help in keeping everything separate and safe.
What are you using to run Ubuntu on Mac?
UTM
Which version of Ubuntu Server did you use??
Here I haven't used Ubuntu Server, I have used Ubuntu 22.04 LTS.
What about blocking malicious IPs using Zeek?
I'm unsure if you can use Zeek for blocking IPs, because Zeek works as a network monitoring tool, but if you have any idea on how to do this, let me know, I will work on it and share it.
Can you make a video tutorial for blocking attacker IPs automatically?
Sure thing, check out the latest video.
Your videos are great and helped me configure my ELK for ICS. I have used Zeek to read an old PCAP file (from 2012) and see that modbus.log is generated however I cannot see that data in Kibana even if I changed my time range in 2012.
Can you tell how you are sending logs? And when did you start sending logs?
@CyberToolGuardian Thanks. Finally I was able to make it work, but the timestamp was the latest one instead of the one from the pcap file.
Happy for you
Hi, can you help me with how to read a pcap file with Zeek?
Send a mail.
I have enp0s3 instead of enp0s1
That's not an issue, the interface can be different, just make sure you specify the correct interface you have in the configuration file.
After make, it gets stuck at 36% and then closes my terminal.
Many are facing this issue, not sure why. But check out the other Zeek installation method video on the channel.
Can you please make a video on how to integrate Suricata and Slips logs into Elasticsearch through Filebeat. Thank you!
Sure, I will make a video soon.
i got this error: Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
How could I uninstall this???
There's no uninstall target in the Zeek distribution, but uninstalling should be pretty straightforward. Assuming you installed from source:
- Simply rm -rf the Zeek directory you installed into.
If you used zkg:
- If you installed it from pip, "pip uninstall zkg".
- If you have a ~/.zkg folder, rm -rf that as well.
Hi, I have 4 nodes configured as single-node, did all the SSL settings, and the user account is common in all 4 servers. How do I bring this into a cluster formation? (cluster_manager: 1, data nodes: 2, coordinator node: 1)
Great video
I have done the installation according to the directions in the video. There is one problem: why does Logstash use 80-95% of CPU resources when running? I checked the resource usage of Logstash through Glances, and the PID of Logstash always changes and sometimes causes CPU resources to reach 100%. Is there a solution to this problem? Thank you.
Yes, the Logstash PID keeps changing, can you DM on Instagram? I can help you there.
Keep the commands in a file and upload the link to it please.
Find the Medium post link in the bio, all commands are listed there.
@CyberToolGuardian says to find it in the Medium post and yet their post is pay-walled, lol. 0/10 and a downvote.
@Fish4Joe If you don't have a Medium membership you can go ahead and find my Blogger page, the link is in the description, where the article is free to view. Thanks for the information given ✌️
At 13:19 I'm getting a different error while restarting the service: "add missing path" "sda: failed to get udev uid: Invalid argument" "sda: failed to get sysfs uid: Invalid argument" "sda: failed to get sgio uid: No such file or directory". Please help me fix this.
Thanks for reaching out. Looks like OpenSearch has run out of space. I would recommend using a virtual machine with enough storage. I'm not sure how to fix it, but check the current partitions using the command: df -kh
Note down the path.data from opensearch.yml. Then run: du -h --max-depth=1 <path.data value>
You should be sure that the partition where path.data resides has more than 15% free space, according to how you created the filesystem, or OpenSearch won't be able to create any new indices, causing it to stop working. If this is the case, you may need to add more storage space to the indexer's partition or delete data manually.
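An added example (not from the video or the channel) that scripts the free-space check described in the reply above: it reads path.data from opensearch.yml, checks the holding partition with df -P, and warns when free space is below the 15% threshold the reply mentions. The default /etc/opensearch/opensearch.yml location is an assumption; a tarball install keeps the file elsewhere.

```shell
#!/bin/sh
# Added example, not code from the video: free-space check for OpenSearch path.data.
# Assumption: the threshold (15%) and the df/du steps follow the reply above.

MIN_FREE_PCT=15

# Print the path.data value from an opensearch.yml read on stdin (first
# uncommented key wins; surrounding quotes and trailing spaces are dropped).
path_data_from_yml() {
    sed -n 's/^[[:space:]]*path\.data:[[:space:]]*"\{0,1\}\([^"#]*\)"\{0,1\}.*/\1/p' \
        | head -n 1 | sed 's/[[:space:]]*$//'
}

# Given one POSIX "df -P" data line, print the integer percentage of free space.
# Columns: Filesystem 1024-blocks Used Available Capacity Mounted-on
free_pct_from_df_line() {
    echo "$1" | awk '{ if ($2 > 0) printf "%d\n", ($4 * 100) / $2; else print 0 }'
}

# Exit status 0 when the free percentage meets the threshold, 1 otherwise.
check_free_pct() {
    [ "$1" -ge "$MIN_FREE_PCT" ]
}

# Live check against the real filesystem; argument overrides the assumed yml path.
check_opensearch_data_dir() {
    yml="${1:-/etc/opensearch/opensearch.yml}"
    data_dir=$(path_data_from_yml < "$yml")
    [ -n "$data_dir" ] || { echo "path.data not set in $yml"; return 2; }
    line=$(df -P "$data_dir" | tail -n 1)
    pct=$(free_pct_from_df_line "$line")
    if check_free_pct "$pct"; then
        echo "OK: $data_dir has ${pct}% free"
    else
        echo "WARN: $data_dir has only ${pct}% free (< ${MIN_FREE_PCT}%)," \
             "OpenSearch may refuse to create new indices; largest subdirectories:"
        du -h --max-depth=1 "$data_dir"
        return 1
    fi
}
```

Run `check_opensearch_data_dir` on the indexer host (or pass the path to your opensearch.yml) to get the OK/WARN verdict together with the du breakdown the reply suggests.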
After make I was stuck at 58%. Displaying error 2.
Can you share the error screenshot on Instagram?
In the X-Pack installation I lost my passwords for Elasticsearch and then I tried to regenerate them but failed. What exactly needs to be done to regain those passwords?
I'm not sure about the process, but I would suggest: create a superuser account using X-Pack and use those details to log in, and from the Kibana UI reset the passwords; or else turn off X-Pack security and then try to reset the password. Reach out on Instagram if the issue persists.
@CyberToolGuardian Hi, I'm also working on this project. But how can we do a simulation of the attack? For example, I want to get Zeek logs based on an attack I did. How can I demo the attack, so I can get the Zeek log from the attack and display it in the SIEM?
@ehsanizzuddinaziz5347 I suppose you can do that: write the Zeek scripts based on what attacks you want to detect and make sure the script generates logs when an attack is detected; you can send these logs to ELK.
@CyberToolGuardian Hi again, may I know if you can do a tutorial on how to use Zeek with a pcap file dataset? Because I tried to use a pcap dataset. Zeek will generate the logs and display them in Kibana, but I still can't fix the problem because it won't show in Kibana. Can you help me?
Send a mail with the problem you are facing.
This was an excellent video. For people watching, one thing to keep in mind, he installed this on Ubuntu Server. I tried on Ubuntu workstation but could not get it to work. Have you ever installed this on Kali? If so, could you please do a video on that? Thanks so much for this great video. A + Job Sir!
Sorry, but I have done the installation in Ubuntu Server, I have done it in normal Ubuntu Workstation. If you are facing any trouble, send the screenshot on Instagram as a DM.
Hi sir, good video, can you do it with SSL enabled?
After 'make', why am I stuck at 36%?
The make command takes a lot of time to complete; if you turn off, then the command may get stuck. Give it some time and see if you get it. If it still doesn't work, then run the configure command and then the make command again.
If you still get stuck, DM with a screenshot on Instagram.
Great work
Thanks