The presentation is excellent, giving real examples, not like the vast majority of RUclipsrs who say what is theoretical and that's it. It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc. Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated. Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure. Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted. Still, the necessity of lurking into dozen of configuration scripts is the problem. You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own. Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about. You yourself faced with the installation issue. I cannot declare it is the norm, but sometimes it is frequent. Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead. I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
thank you for showcasing and going along with the official documentation, many (most) RUclips content creators will make a video that goes just repeats the official guidelines, and will pretend it's "their own know how" without mentioning where they got the info from, super annoying! And for you, Mr John Hammond, - my deep respect for both the content you do, and also how you do it.
Been meaning to deploy this project since you posted over a year ago. Happy I stayed up late and got it up in the home lab. Can't wait to take this to work and impress all the plebs. Thanks for the hand hold John, it's always nice to walk through the weeds with a friendly face, even if this one was easier than configuring a static IP for netplan on any newer Ubuntu distro.
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
Very cool tool. I'm going to try this out. Would also highly recommend that everyone reads at least a few of the CIS Benchmark PDFs to harden your system manually. It's actually very fun to do it all the way through.
*gives a round of applause* I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
@@RTCW-ET-MOVIESI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent'). That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol Your the man J.H.!!! Appreciate all of your efforts in sharing all you do!!! I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content. Thanks again John Josh...
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D Thanks for the vid!
Instant like and suscribe. However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
Hey John, Any plans to redo your Wazuh overview/tutorial on v4.8.0 of the App. Since their complete overhaul of the GUI, some settings are virtually impossible to find or correlate to your presentation. Cheers!
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service
This seems like a really useful and interesting SIEM tool. It does however suffer from the main problem infecting all Linux projects. Making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't i change these settings through the web-ui?
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
@@RTCW-ET-MOVIES for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address. Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
just installed this from the OVA template file.. whats confusing me is around 29:30 or so, you show settings\threat detection and you toggle virus total on. the version i just got running doesnt have such a toggle. was that removed in updated versions?
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago. I'd like to see videos on feeding network device logs into the Wazuh. And also address how to handle retention of logs and events.
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Thank you John and thank you Wazuh for sponsoring this video. You now have a new subscriber!!! I am most definitely sold!!! You can create a project from this video alone and showcase it on your resume' or portfolio. Thanks again for sharing!!!!
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
I haven't digged too much into my cybersecurity company, though I know for sure we have these "wazuh" agent installed into our clients and we pay about 40k / year (Europe). We have about 500 clients / servers and obviously support for questions, incidents etc... So at this point... do they actually customize these "wazuh" agents for monitoring stuff (Firewall, Antiviruses etc..) for free and resell them? Is the price any good in your opnion?
Have you asked them to explain what they do versus the cost? Systems like Wazuh are quite easy to install but then they have to be optimised, monitored and managed. That is potentially quite a skilled and labour intensive task. It is quite valid to charge for a service that adds value based on open source software. Also worth noting that Wazuh is a component of the Security Onion open source security distribution so if they are working with this you may be getting more bang for your buck in addition to the rather good Wazuh.
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
Why are so many asking questions that are just a 'control/command + F' away in the official docs? That's why systems keep getting compromised: cause ppl are too lazy to think!
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
That's a bummer, 2024 and Wazuh doesn't support ARM. I was really exited to create a project with Wazuh, but it failed both on Parallels and VMware VMs. If anyone has a solution please share, thanks!
I'm sure Wazuh can be installed on a Ubuntu raspberry pi but wondering would it be able to handle it? If it can, I'm curious would it be able to run Wazuh with pihole?
I am getting critical hits for office 2016 and it is not installed. I am also getting hit that have no patches to correct the hits on ubuntu like apparmor
Thank you for this video been looking for some way I can learn hands on SOC skill at home. I would like to apply this to my home network. Question can I have the service on VirtualBox and still monitor my home network? If so what would I set the Network Adapter to? Thank you.
Good video. Please please slow down a little and provide some short pauses to allow viewers to absorb information - this was 39 minutes of machine gun firing like experience, message overload. It is even worse for people whom native tongue isn't English. To be fair if your video was 45 mins long instead of 39 - it's no significant difference in length, but better message delivery plus splitting into noticeable sections would make a just good video - a phenomenally good one.
The presentation is excellent, giving real examples, not like the vast majority of RUclipsrs who say what is theoretical and that's it.
It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc.
Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated.
Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure.
Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted.
Still, the necessity of lurking into dozen of configuration scripts is the problem.
You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own.
Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about.
You yourself faced with the installation issue.
I cannot declare it is the norm, but sometimes it is frequent.
Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead.
I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
Hi brother I was wondering if I can contact you another way to learn about cybersecurity
Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
I gree and am very hopeful, but time is the problem...
I think one can't spend all day long working on computers and in the free time doing the same.
Until wazuh gets a bigger user base then they will screw everyone over like nessus and rapid7. ill bet money on it.
@@xelerated yeah honestly it's a great platform, offering siem, and threat hunting Capabilities.
thank you for showcasing and going along with the official documentation, many (most) RUclips content creators will make a video that goes just repeats the official guidelines, and will pretend it's "their own know how" without mentioning where they got the info from, super annoying! And for you, Mr John Hammond, - my deep respect for both the content you do, and also how you do it.
Been meaning to deploy this project since you posted over a year ago. Happy I stayed up late and got it up in the home lab. Can't wait to take this to work and impress all the plebs. Thanks for the hand hold John, it's always nice to walk through the weeds with a friendly face, even if this one was easier than configuring a static IP for netplan on any newer Ubuntu distro.
I'm actually amazed at the amount of tools and services Wazuh can provide. Also, thank you Josh, that was very well presented.
josh?
We have been using this for sometime, it’s excellent!!
Yes please more tutorial video with Wazuh. And thank you so much for sharing your knowledge with Wazuh. Love your work
The Seth Rogen of Cyber Security.
Fact!
Bruh I thought I was the only one , even his laugh
This is incredible
💀
Fellow Jewish brother, Seth Rogen, and fellow Seth.
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
Wazuh is great. i use it as part of a larger security offering.
Talk about timing. I just reinstalled mine after a Linux Upgrade bricked the dashboard. As always, thanks for the clairvoyant topic post.
This is incredible. Thanks so much for making me aware of this and doing a deep dive. I can't wait to set this up in my lab. Appreciate you.
@JohnHammond I'm glad you're able to do all these cool videos that feature various tools, but I miss the days of solving CTF's in the long form format
wach kho cv
Money talks. Long format brings only enthusiastic people together while the other format is more click-baity.
Fantastic video John, great to see Wazuh getting the exposure it deserves!
I just added this to my home network this week. It's awesome.
Very cool tool. I'm going to try this out. Would also highly recommend that everyone reads at least a few of the CIS Benchmark PDFs to harden your system manually. It's actually very fun to do it all the way through.
*gives a round of applause*
I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
Love it John! Keep it up! I am setting up Wazuh along with you.👍
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
Nice deeper dive. One thing that would be great to see is vulnerability auto remediation.
Agreed. This would be my use case scenario.
@@RTCW-ET-MOVIESI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent').
That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
Honestly this kind SIEM deployment and testing is one of my favorite's topics. Thanks @JohnHammond
This video probably saved an organization from getting hacked. Thanks!
Great work, excellent video!
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol
Your the man J.H.!!!
Appreciate all of your efforts in sharing all you do!!!
I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content.
Thanks again John
Josh...
Great video! Please create a series about this tool! It will help us a lot!
100% agree with all the folks who want to see the series of instructional videos. great topic.
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
Thanks for doing this video. Also, thanks for talking at us like this. Makes it all seem more genuine and really drives the point home!
I’m gonna set this up in my company first thing tomorrow morning it’s frickin awesome and free!
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D
Thanks for the vid!
Yes, it's incredible 😍😍. Thanks for sharing 😊😊
Best video to date, and that's saying something! Really awesome!!
Thanks. Watching it again and doing the install on my Ubuntu VM running on Proxmox.
You killed this video!!! Got me interested in so many things all at once. Thank you brother!
Instant like and suscribe.
However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
I subbed. Great vid! Gonna set it up on my raspi 4b 👍
Also love the all black background, ...Very easy on the eyes, especially on my iPad.
Thanks so much, first video I watched by you and complete whole thing, I really love the incident response aspect of Wazuh.
I love your enthusiasm. Subscribed!
Just hat to deal with this software ... and how come a security software does NOT have 2FA/MFA available (on the community edition)?
Will deploy this in my company. Learned lot of things
Thank you for the reminder about this. chuck made a video on this and I tried to set it up and failed. But your video it helped and I got it set up
Just awesome is Wazuh, and so are you, bro. You make this seem so simple and explain it very nicely. Thanks a lot...
Ooh this sounds amazing. I am sharing with my team
Hey John,
Any plans to redo your Wazuh overview/tutorial on v4.8.0 of the App.
Since their complete overhaul of the GUI, some settings are virtually impossible to find or correlate to your presentation.
Cheers!
Kudos to you. You made look so simple. Your virtual boxes are running faster.
It is an amazing thing :) thanks for sharing it with us I am very excited to see more showcases videos about Wazuh from you.
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service
Great video! I would love to see more on this. Maybe IDS and unauthorized processes?
There is a Proof of Concept, POC guide on their website, very helpful.
Can you please use the update version. The ui changed to the point, I am confused where is where.
Just completed this room on THM and was awesome.
That was amazing. Looking forward to the next part
This seems like a really useful and interesting SIEM tool. It does however suffer from the main problem infecting all Linux projects.
Making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't i change these settings through the web-ui?
How can you use Wazuh for monitoring IOT devices?
I've been managing Wazuh for 2 years now. ama ❤
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
Thanks I think I was just thinking about doing something like this minus the kubernetes
What is going to be your resolution for resolving this?
@@RTCW-ET-MOVIES for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
@@xanzutdo we have this solution documented anywhere ?
@@amjads8971 I don't find any documentation about this case, even in wazuh documentation only mention monitoring docker via docker socks
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address.
Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
This is not needed. only the wazuh host/server/node needs a fixed ip.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
@@festivusfortherestivus the agents connect to the host, unlike a decentralized system.
just installed this from the OVA template file.. whats confusing me is around 29:30 or so, you show settings\threat detection and you toggle virus total on. the version i just got running doesnt have such a toggle. was that removed in updated versions?
Such a great demonstration. 😎
Fantastic stuff and very insightful, and thanks for sharing. Looking forward for more OpenSource tools for home and enterprise.
💯
Waiting next video about wazuh…. Make our homelabs secure!
Loved it. Please do more about this!
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago.
I'd like to see videos on feeding network device logs into the Wazuh.
And also address how to handle retention of logs and events.
This is GOLD. Thank you John.
24:00 wazuh isn't just SIEM but also XDR
25:30 function as an Antivirus ?
I was so lost trying to set up my practice homelab project, all the videos i watched didn't work for me. Asante John!
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Yes, you can modify the default agent ossec.conf on the server and it will deploy it to the agents when they are enrolled.
Thank you John and thank you Wazuh for sponsoring this video. You now have a new subscriber!!! I am most definitely sold!!! You can create a project from this video alone and showcase it on your resume' or portfolio. Thanks again for sharing!!!!
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
i love your positivity :)
I haven't digged too much into my cybersecurity company, though I know for sure we have these "wazuh" agent installed into our clients and we pay about 40k / year (Europe). We have about 500 clients / servers and obviously support for questions, incidents etc... So at this point... do they actually customize these "wazuh" agents for monitoring stuff (Firewall, Antiviruses etc..) for free and resell them? Is the price any good in your opnion?
Interesting question - thank you! would love to hear response back to this!
They are probably creating the active responses, decoders, and rules themselves as Wazuh doesn't really implement much in the default state.
Have you asked them to explain what they do versus the cost? Systems like Wazuh are quite easy to install but then they have to be optimised, monitored and managed. That is potentially quite a skilled and labour intensive task. It is quite valid to charge for a service that adds value based on open source software. Also worth noting that Wazuh is a component of the Security Onion open source security distribution so if they are working with this you may be getting more bang for your buck in addition to the rather good Wazuh.
blew my mind, too! this is way cool! thanks John!
This is so cool. I have a mini PC that I installed this on and will run it as my SIEM server.
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
This is like 90% above my head, but it was very interesting. Thanks for sharing
Perfect timing for this video. Thanks!
Why are so many asking questions that are just a 'control/command + F' away in the official docs? That's why systems keep getting compromised: cause ppl are too lazy to think!
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
That's a bummer, 2024 and Wazuh doesn't support ARM. I was really exited to create a project with Wazuh, but it failed both on Parallels and VMware VMs. If anyone has a solution please share, thanks!
Do you know if there is a way to monitor firewalls and network equipment?
There is no tamper protection and it doesn't have edr ai that can help us enforce rollback or changes
CIS Benchmark is something outstanding in this wazuh setup all other things are similar to other EDR solutions.
I hope you do make some more wazuh videos! I just started using it at home and really like it. There's a lot to dig into!
Built on OSSEC and doesn't scale or work well for large cloud environments with a lot of ephemeral workloads.
This is awesome John!!
Awesome. Thanks for the presentation. i think i´ve seen the light!!!
Good job, I've always been a big fan 👍
I'm sure Wazuh can be installed on a Ubuntu raspberry pi but wondering would it be able to handle it? If it can, I'm curious would it be able to run Wazuh with pihole?
Always the best videos!🔥
I am getting critical hits for office 2016 and it is not installed.
I am also getting hit that have no patches to correct the hits on ubuntu like apparmor
Thank you for this video been looking for some way I can learn hands on SOC skill at home. I would like to apply this to my home network. Question can I have the service on VirtualBox and still monitor my home network? If so what would I set the Network Adapter to? Thank you.
Fantastic video on a complex subject. Detailed enough without going down a rabbit hole of confusion. :)
Very informational. World record for use of the superfluous Americanism "go ahead" in one video.
Million Dollar Question! Can it take the place of, or at least be assessed in relation to, platforms such as SPLUNK for SOC?
easily, this is all part of ELK stack, all open source but totally viable as stand alone
IMO if you're looking for a solution with a footprint that large I would recommend Security Onion (it includes Wazuh).
this is amazing....you are amaziing....thank you!!!
Thanks a lot for this great demonstration. Gonna try everything showed
Good video. Please please slow down a little and provide some short pauses to allow viewers to absorb information - this was 39 minutes of machine gun firing like experience, message overload. It is even worse for people whom native tongue isn't English. To be fair if your video was 45 mins long instead of 39 - it's no significant difference in length, but better message delivery plus splitting into noticeable sections would make a just good video - a phenomenally good one.
Well done video! Solid share. Thank you
10/10
Intend on doing as a project for my cyber security resume.
is it SIEM thingy? or can we said that WAZUH is alternate from SIEM tools?