Take Control of Your Security: Free, Self-Hosted SIEM & Logs with Graylog, Wazuh, & Security Onion

  • Published: 23 Dec 2024
  • Science

Comments • 42

  • @anelibrahimovic7787 1 month ago +9

    Not just for home networks. If you are on a budget, Security Onion as NIDS and Wazuh as HIDS with Graylog, Hive and Velociraptor are a potent combo for a solid SOC on a budget. Better to have open source monitoring than nothing.

    • @Wahinies 1 month ago +1

      Your post has me nerding out so hard

  • @Zaim-S 1 month ago +8

    Thanks for this; you heard the comments from the last video and created a deeper one with other tools in comparison.

  • @chaosfenix 1 month ago +8

    You definitely saw my comment on your security onion video. Thanks for this comparison. There are a lot of tools out there but knowing which ones to use depending on your situation can be difficult. This was really helpful though.

  • @waretechnologies6845 1 month ago +5

    Security Onion with some good network taps is a potent combo. I love it on my home network.

  • @calvin_thefreak 1 month ago +7

    I think Graylog would be a great addition to my stack, since at work we use Splunk (which is very expensive). Graylog seems somewhat similar to Splunk.

    • @sphui 1 month ago

      If your company is utilizing Splunk, you may indeed be eligible for a Personalized Dev/Test License.

  • @stormsoendergaard3023 27 days ago

    Have you tried the Grafana stack for logging/metrics?
    Something along the lines of:
    - Grafana for dashboards
    - Alloy for logging/metrics agent
    - Loki for log aggregation
    - Mimir for long-term metrics storage
    - Prometheus for metrics
    - AlertManager for alerts

  • @yugandharm.3810 1 month ago +1

    Thanks for the video. Can we build Wazuh on the latest Graylog Open version (replacing Filebeat) with Grafana?

  • @maxmustermann194 1 month ago +2

    Excellent insights, appreciated!

    • @LAWRENCESYSTEMS 1 month ago +1

      Glad it was helpful!

    • @maxmustermann194 1 month ago

      @LAWRENCESYSTEMS Oh yeah, we're evaluating Wazuh in conjunction with OpenSearch as a logging solution for a client, and the pcap limitation is an interesting point.

  • @gjkrisa 1 month ago +1

    I feel that if they make a direct app for Linux it's best to run it that way, in my opinion. Is this a poor way of thinking, or is Docker a better way? Is it just for the added layer of protection?

    • @ImTheKaiser 13 hours ago

      Once you dockerize, you’ll want to dockerize everything that you reasonably can

  • @gjkrisa 1 month ago

    Hey Tom! Would you be willing to make a video on how to compile a pfSense ISO from source?

  • @jood-r8l 1 month ago

    Can you run these on one piece of hardware or each on one?

  • @buweloitacademy1195 1 month ago

    Is it okay to have agents from Wazuh and Security Onion on the same machine?

  • @yasser-cifer8175 1 month ago

    I am struggling a lot with writing my own syslog decoders in , I wonder if adding Graylog could help!

    • @Anto-oi9yf 1 month ago

      You will need to write your own parser on Graylog too; it's not built in.

  • @gerardocaceres7997 25 days ago

    Would like to see more of Wazuh

  • @bzmrgonz 1 month ago

    No CrowdSec, Francois???

  • @dtitan1993 27 days ago

    What about Elastic?

  • @jeankgabriel 1 month ago

    Thank you

  • @bak1necWWE 1 month ago +5

    I hate Wazuh and ran from anything that runs on OpenSearch. You add some OpenSearch dashboard and use it, and then when you update your Wazuh, it won't start back, saying that some dashboards from OpenSearch are no longer supported....
    And then you have a bug: let's say your Wazuh version is 4.6.0, and you update your endpoint Wazuh agent to 4.6.1 but don't update your server because you don't want the problem with it not starting after updating, but your Wazuh is going to alert that your agent is OUTDATED because 4.6.1 is not equal to 4.6.0. I know it's free, but it's one of the worst open source products that I've used.

    • @Wahinies 1 month ago

      A lot of Linux-based stuff is like that, which is why I favor containers. Installing locally to a Linux host carries a lot of headaches. For example, following a guide for Debian 11 will not work for Debian 12 because of dependency differences. Guides for CentOS are supposed to work for Alma or Rocky but sometimes run into snags, again because of dependencies. Then anything relying on Apache is going to be a bigger pain under RHEL/CentOS/Alma/Rocky because only Debian derivatives have a2enmod. There are so many spectacular, confidently written Linux guides for so many things, but anything larger than, say, nano is going to suck up some time with dependency issues.

  • @DoughBoy2024 1 month ago

    Hey Tom, how about doing an updated video on some of the other tools you guys use, i.e., NinjaOne, SentinelOne, etc.?

    • @LAWRENCESYSTEMS 1 month ago

      forums.lawrencesystems.com/t/client-defense-matrix-the-msp-stack-we-use-to-defend-our-clients/18805

  • @HerbieBancock 1 month ago

    Nobody wants to steal anything on your "homelab."

    • @LAWRENCESYSTEMS 1 month ago +9

      Maybe no one wants to steal your homelab, but I don't think that's true of all homelabs.

    • @EAteearsehole 1 month ago

      Tell us more about your extra chromosome.

    • @svenstubes 1 month ago +1

      Who cares about stealing things? Homelabbers have some powerful equipment to be taken and put into a botnet. I for one don't want the hardware I paid for to be used by others.