Introduction To Wazuh SIEM

  • Published: 14 Dec 2024

Comments • 54

  • @securehcid5651
    @securehcid5651 2 years ago +9

    Great evolution. From replacing OSSEC as a HIDS to an all-in-one security solution (SIEM+XDR).

  • @DingDingPanic
    @DingDingPanic 2 years ago +18

    The new version of Wazuh no longer has ELK onboard. It has been replaced with a native search and indexing solution. The GUI is now different too. Would like to see this video redone based around the new version.

  • @nullproxyYT
    @nullproxyYT 2 years ago +50

    For everyone who's reading this, wish you an amazing day! 🔥❤

  • @primescope6874
    @primescope6874 2 years ago +3

    Great. Looking forward to the next one in this series.

  • @plushplush7635
    @plushplush7635 2 years ago +2

    Very good topics with Snort and Wazuh, thanks.

  • @VidarPT
    @VidarPT 7 months ago

    Does anyone know where I can get access to the rest of the series? There are 3 videos related to Wazuh on this channel, but in the description there's a link to a part 2 in all of them. Problem is the link doesn't work and the uploader seems to be gone... Thanks.

  • @sunmoon2005
    @sunmoon2005 2 years ago +2

    Thank you so much as you do for teaching us

  • @logicfirst7959
    @logicfirst7959 2 years ago +3

    You know, in my red team/blue team engagement, the very first thing I did was to disable Beats and the Splunk UF, and the blue team was completely blind and oblivious to any attacks.

    • @killacups
      @killacups 1 year ago +2

      From a blue team's perspective, disabling the UF/EDR would trigger a detection right away, or if logging stops coming in.

    • @logicfirst7959
      @logicfirst7959 1 year ago

      @killacups there hasn't been a single case in the last 10 years where a detection triggered upon killing the UF/Beats process.

    • @killacups
      @killacups 1 year ago +1

      Sorry, my answer was a bit more generalized. This completely depends on the environment.

    • @dennisTHEmenac3
      @dennisTHEmenac3 1 year ago

      Once Elastic drops their update with their own native agents, Wazuh will be useless. I've only ever used Endgame as a host agent (enterprise deployment), and if you're somehow able to kill the Endgame agent, it absolutely triggers an alert. Still can't believe Wazuh or Beats doesn't trigger on disable. That's a huge open-source gap if true.
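The two detections the blue-team reply above points at, written out as an added example (not code from the video, its author, or the Wazuh project): an explicit "agent stopped" check beside a per-agent silence check, run over constructed events; the agent names, message texts and the 300-second gap are assumptions.

```python
"""Detect a log forwarder or agent that has gone quiet.

Added example for the red-team/blue-team exchange above, not code from the
video or the Wazuh project. Events, agent names, the shutdown marker text and
the 300-second default gap are all constructed/assumed values."""
from datetime import datetime, timezone

# Constructed sample events as a SIEM might store them: (timestamp, agent, message).
SAMPLE_EVENTS = [
    ("2024-12-14T10:00:00Z", "web01", "sshd: Accepted publickey for deploy"),
    ("2024-12-14T10:00:30Z", "web02", "sshd: Accepted publickey for deploy"),
    ("2024-12-14T10:01:00Z", "web01", "cron: (root) CMD (run-parts /etc/cron.hourly)"),
    ("2024-12-14T10:01:10Z", "web02", "agent: shutting down"),   # graceful stop only
    ("2024-12-14T10:05:00Z", "web01", "cron: (root) CMD (run-parts /etc/cron.hourly)"),
    ("2024-12-14T10:09:00Z", "web01", "sudo: deploy : COMMAND=/bin/systemctl restart nginx"),
]

STOP_MARKERS = ("agent: shutting down", "agent stopped")  # assumed shutdown text

def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def last_seen(events):
    """Map each agent to the timestamp of its newest event."""
    seen = {}
    for ts, agent, _ in events:
        t = parse_ts(ts)
        if agent not in seen or t > seen[agent]:
            seen[agent] = t
    return seen

def explicit_stops(events):
    """Agents that announced their own shutdown. Cheap to alert on, but a
    process killed with SIGKILL never writes this line, so it is not enough."""
    return sorted({agent for _, agent, msg in events
                   if any(m in msg for m in STOP_MARKERS)})

def silent_agents(events, now, max_gap_seconds=300):
    """Agents whose newest event is older than max_gap_seconds. Absence of
    data is the signal that survives a hard kill of the forwarder."""
    now = parse_ts(now)
    return sorted(agent for agent, t in last_seen(events).items()
                  if (now - t).total_seconds() > max_gap_seconds)

if __name__ == "__main__":
    print("explicit stop:", explicit_stops(SAMPLE_EVENTS))                         # ['web02']
    print("silent >5 min:", silent_agents(SAMPLE_EVENTS, "2024-12-14T10:10:00Z"))  # ['web02']
```

The silence check is the one to schedule, since it fires whether the forwarder was stopped cleanly or killed outright; tune the gap to each host's normal event rate so quiet servers do not page you every cycle.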

  • @QueenShebaCEO
    @QueenShebaCEO 1 year ago

    Thank you, this was a great breakdown of this SIEM.

  • @durgeshgupta863
    @durgeshgupta863 2 years ago +1

    Need more videos related to Wazuh SIEM.

  • @emaneezechiel4164
    @emaneezechiel4164 2 years ago +1

    Great info, you got a new subscriber.

  • @InfinitiCyberSolutions
    @InfinitiCyberSolutions 1 year ago

    In preparation for this lab I installed and configured the Security Onion ISO. How can I use it with this lab, please?

  • @Hacking_vibe
    @Hacking_vibe 2 years ago +2

    Please post a setup and config video, bro.

  • @StevieRayLou
    @StevieRayLou 1 year ago

    Can Wazuh 4.5.2 be installed on Debian 12? Can you make a Flatpak, please?

  • @PetritK10
    @PetritK10 2 years ago +2

    What's the difference between Wazuh and Splunk?

    • @felixbecker5591
      @felixbecker5591 2 years ago

      They are different products for logging. If you look into the price lists, you will see the difference 😂

    • @Born_rebel1992
      @Born_rebel1992 2 years ago

      By using Wazuh you will reduce the size of the logs which you are sending to Splunk. You can use Wazuh as a filter for sending important logs to Splunk.

  • @Sodara-168
    @Sodara-168 2 years ago +1

    Does Wazuh support app logs?

  • @bluerewind7044
    @bluerewind7044 2 years ago +1

    Thanks for the help!

  • @tshakh9345
    @tshakh9345 1 year ago

    Does someone know how to change the IP address of Wazuh after installation?

  • @AbdulWahid-ig6ep
    @AbdulWahid-ig6ep 2 years ago

    No setup video?

  • @cagoaustine7194
    @cagoaustine7194 1 year ago

    Please sir, can you make us a video on Pegasus?

  • @techclubhouse6772
    @techclubhouse6772 2 years ago +2

    I think I am the first to watch this.

  • @johnvardy9559
    @johnvardy9559 8 months ago

    Great, Alexis.

  • @georgesherpa
    @georgesherpa 2 years ago

    Isn't Wazuh EDR/XDR? Is it just a SIEM?

    • @felixbecker5591
      @felixbecker5591 2 years ago +1

      It's EDR/XDR, yes. But in combination with ELK it could be used as a SIEM. But I think there are still a lot of missing functionalities.

  • @bibeksubedi9245
    @bibeksubedi9245 2 years ago +1

    Nice. First of all, you should make an Elasticsearch video. There is a video lacking because you directly jump to Wazuh.

  • @chandraprakashntc
    @chandraprakashntc 2 years ago +1

    Need Hive and S3 bucket integration videos too.

    • @Born_rebel1992
      @Born_rebel1992 2 years ago

      There is a video on YouTube for S3 bucket integration with Wazuh.

  • @dr.thulaganyorabogadi8596
    @dr.thulaganyorabogadi8596 9 months ago

    Monitoring non-Wazuh devices.

  • @SecurityTalent
    @SecurityTalent 2 years ago

    Great

  • @romeomungiu2932
    @romeomungiu2932 2 years ago +2

    A lot is still missing; the engine at the base is still OSSEC with a "signature-based type of rules". Too much correlation capability is missing to call it a SIEM.
    Of clouds… better than nothing, but still, calling it a SIEM is misleading.

    • @javimed9669
      @javimed9669 2 years ago

      Hi. Wazuh provides threat prevention, detection, and response capabilities and helps with regulatory compliance. It collects logs from disparate sources and analyzes the security events in near real time. It also considers historical and contextual data, allowing incident management. It has useful dashboards and reporting capabilities. Wazuh is indeed a complete SIEM + XDR platform. Perhaps you would like to discuss particular features you don't find in the product? What are the missing correlation capabilities? Thank you.

  • @imveryhungry112
    @imveryhungry112 10 months ago

    I'll create a SIEM and put Wazuh out of business :)

  • @ramsaidupati1781
    @ramsaidupati1781 2 years ago

    👋👍

  • @goodboy-mn2qp
    @goodboy-mn2qp 7 months ago

    great information ❤️❤️🤍
