Take Control of Your Security: Free, Self-Hosted SIEM & Logs with Graylog, Wazuh, & Security Onion

  • Published: 2 Feb 2025

Comments • 48

  • @jaredelfaz2558
    @jaredelfaz2558 1 month ago +6

    We need more videos on Security Onion, since it's complex to understand and your method of teaching makes everything easy.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS 1 month ago

      Their channel is really good www.youtube.com/@security-onion

    • @jaredelfaz2558
      @jaredelfaz2558 1 month ago

      @LAWRENCESYSTEMS True, but it's missing a lot of stuff; I think they want you to buy the premium course.

  • @Zaim-S
    @Zaim-S 2 months ago +8

    Thanks for this; you heard out the comments from the last video and created a deeper one with other tools in comparison.

  • @anelibrahimovic7787
    @anelibrahimovic7787 2 months ago +11

    Not just for home networks. If you are on a budget, Security Onion as NIDS and Wazuh as HIDS with Graylog, Hive and Velociraptor are a potent combo for a solid SOC on a budget. Better to have open source monitoring than nothing.

    • @Wahinies
      @Wahinies 2 months ago +3

      Your post has me nerding out so hard

    • @chisomo-r3m
      @chisomo-r3m 5 days ago

      @Wahinies You made me realise I was doing the same.

  • @waretechnologies6845
    @waretechnologies6845 2 months ago +5

    Security Onion with some good network taps is a potent combo. I love it on my home network.

  • @chaosfenix
    @chaosfenix 2 months ago +8

    You definitely saw my comment on your Security Onion video. Thanks for this comparison. There are a lot of tools out there, but knowing which ones to use depending on your situation can be difficult. This was really helpful though.

  • @maxmustermann194
    @maxmustermann194 2 months ago +2

    Excellent insights, appreciated!

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS 2 months ago +1

      Glad it was helpful!

    • @maxmustermann194
      @maxmustermann194 2 months ago

      @LAWRENCESYSTEMS Oh yeah, we're evaluating Wazuh in conjunction with OpenSearch as a logging solution for a client, and the pcap limitation is an interesting point.

  • @calvin_thefreak
    @calvin_thefreak 2 months ago +7

    I think Graylog would be a great addition to my stack, since at work we use Splunk (which is very expensive). Graylog seems somewhat similar to Splunk.

    • @sphui
      @sphui 2 months ago

      If your company is utilizing Splunk, you may indeed be eligible for a Personalized Dev/Test License.

  • @gerardocaceres7997
    @gerardocaceres7997 2 months ago

    Would like to see more of Wazuh.

  • @jood-r8l
    @jood-r8l 2 months ago

    Can you run these on one piece of hardware or each on one?

  • @therealjsevilla5516
    @therealjsevilla5516 9 days ago

    What kind of hardware do you recommend for hosting a HIDS and NIDS system? I'd be happy to look at any reference links.

  • @stormsoendergaard3023
    @stormsoendergaard3023 2 months ago

    Have you tried the Grafana stack for logging/metrics?
    Something along the lines of:
    - Grafana for dashboards
    - Alloy for logging/metrics agent
    - Loki for log aggregation
    - Mimir for long-term metrics storage
    - Prometheus for metrics
    - AlertManager for alerts

  • @gjkrisa
    @gjkrisa 2 months ago

    Hey Tom! Would you be willing to make a video on how to compile a pfSense ISO from source?

  • @gjkrisa
    @gjkrisa 2 months ago +1

    I feel if they make a direct app for Linux it's best to run it that way, in my opinion. Is this a poor way of thinking, or is Docker a better way? Is it just for the added layer of protection?

    • @ImTheKaiser
      @ImTheKaiser 1 month ago

      Once you dockerize, you'll want to dockerize everything that you reasonably can.

  • @bzmrgonz
    @bzmrgonz 2 months ago

    No CrowdSec, Francois???

  • @jeankgabriel
    @jeankgabriel 2 months ago

    Thank you

  • @buweloitacademy1195
    @buweloitacademy1195 2 months ago

    Is it okay to have agents from Wazuh and Security Onion on the same machine?

  • @yasser-cifer8175
    @yasser-cifer8175 2 months ago

    I am struggling a lot with writing my own syslog decoders in , I wonder if adding Graylog could help!

    • @Anto-oi9yf
      @Anto-oi9yf 2 months ago

      You will need to write your own parser on Graylog too; it's not built in.

  • @DANNOS1993
    @DANNOS1993 2 months ago

    What about Elastic?

  • @yugandharm.3810
    @yugandharm.3810 2 months ago +1

    Thanks for the video. Can we build Wazuh on latest Graylog Open version (replacing filebeat) with Grafana?

  • @bak1necWWE
    @bak1necWWE 2 months ago +5

    I hate Wazuh and ran from anything that runs on OpenSearch. You add some OpenSearch dashboard and use it, and then when you update your Wazuh, it won't start back, saying that some dashboards from OpenSearch are no longer supported....
    And then you have a bug: let's say your Wazuh version is 4.6.0, and you update your endpoint Wazuh agent from 4.6.1 but don't update your server because you don't want the problem with it not starting after updating, but your Wazuh is gonna alert that your agent is OUTDATED because 4.6.1 is not equal to 4.6.0. I know it's free, but it's one of the worst open source products that I've used.

    • @Wahinies
      @Wahinies 2 months ago

      A lot of Linux-based stuff is like that, which is why I favor containers. Installing locally to a Linux host carries a lot of headaches. For example, following a guide for Debian 11 will not work for Debian 12 because of dependency differences. Guides for CentOS are supposed to work for Alma or Rocky but sometimes run into snags, again because of dependencies. Then anything relying on Apache is going to be a bigger pain under RHEL/CentOS/Alma/Rocky because only Debian derivatives have a2enmod. There are so many spectacular, confidently written Linux guides for so many things, but anything larger than, say, nano is going to suck some time with dependency issues.

  • @DoughBoy2024
    @DoughBoy2024 2 months ago

    Hey Tom, how about doing an updated video on some of the other tools you guys use, i.e., NinjaOne, SentinelOne, etc.?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS 2 months ago

      forums.lawrencesystems.com/t/client-defense-matrix-the-msp-stack-we-use-to-defend-our-clients/18805

  • @HerbieBancock
    @HerbieBancock 2 months ago

    Nobody wants to steal anything on your "homelab."

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS 2 months ago +10

      Maybe no one wants to steal your homelab, but I don't think that's true of all homelabs.

    • @EAteearsehole
      @EAteearsehole 2 months ago

      Tell us more about your extra chromosome.

    • @svenstubes
      @svenstubes 2 months ago +2

      Who cares about stealing things? Homelabbers have some powerful equipment to be taken and put into a botnet. I for one don't want the hardware I paid for to be used by others.