this Cybersecurity Platform is FREE
HTML-код
- Опубликовано: 30 окт 2023
- jh.live/wazuh || Try Wazuh completely for free, and protect your environments with an open-source SIEM and XDR platform easily accessible on-premise! jh.live/wazuh
PS, I'll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit Transfer exploitation -- tune in on November 8th! jh.live/wiz360
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 RUclips ALGORITHM ➡ Like, Comment, & Subscribe!
The Seth Rogen of Cyber Security.
Fact!
Bruh I thought I was the only one , even his laugh
I been like who does John remind of and that is exactly it man
This is incredible
💀
The presentation is excellent, giving real examples, not like the vast majority of RUclipsrs who say what is theoretical and that's it.
It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc.
Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated.
Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure.
Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted.
Still, the necessity of lurking into dozen of configuration scripts is the problem.
You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own.
Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about.
You yourself faced with the installation issue.
I cannot declare it is the norm, but sometimes it is frequent.
Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead.
I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
@@geroldmanders9742 Did you check /var/log/wazuh-install.log? What did that say?
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
I gree and am very hopeful, but time is the problem...
I think one can't spend all day long working on computers and in the free time doing the same.
Until wazuh gets a bigger user base then they will screw everyone over like nessus and rapid7. ill bet money on it.
@@xelerated yeah honestly it's a great platform, offering siem, and threat hunting Capabilities.
I'm actually amazed at the amount of tools and services Wazuh can provide. Also, thank you Josh, that was very well presented.
*gives a round of applause*
I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
This is incredible. Thanks so much for making me aware of this and doing a deep dive. I can't wait to set this up in my lab. Appreciate you.
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
Yes please more tutorial video with Wazuh. And thank you so much for sharing your knowledge with Wazuh. Love your work
Love it John! Keep it up! I am setting up Wazuh along with you.👍
Thanks for doing this video. Also, thanks for talking at us like this. Makes it all seem more genuine and really drives the point home!
We have been using this for sometime, it’s excellent!!
Fantastic video John, great to see Wazuh getting the exposure it deserves!
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
Wazuh is great. i use it as part of a larger security offering.
@JohnHammond I'm glad you're able to do all these cool videos that feature various tools, but I miss the days of solving CTF's in the long form format
wach kho cv
Money talks. Long format brings only enthusiastic people together while the other format is more click-baity.
You killed this video!!! Got me interested in so many things all at once. Thank you brother!
Thanks so much, first video I watched by you and complete whole thing, I really love the incident response aspect of Wazuh.
Talk about timing. I just reinstalled mine after a Linux Upgrade bricked the dashboard. As always, thanks for the clairvoyant topic post.
Just awesome is Wazuh, and so are you, bro. You make this seem so simple and explain it very nicely. Thanks a lot...
Great video! Please create a series about this tool! It will help us a lot!
Great video! I would love to see more on this. Maybe IDS and unauthorized processes?
There is a Proof of Concept, POC guide on their website, very helpful.
I subbed. Great vid! Gonna set it up on my raspi 4b 👍
Also love the all black background, ...Very easy on the eyes, especially on my iPad.
Honestly this kind SIEM deployment and testing is one of my favorite's topics. Thanks @JohnHammond
Fantastic video on a complex subject. Detailed enough without going down a rabbit hole of confusion. :)
I just added this to my home network this week. It's awesome.
Kudos to you. You made look so simple. Your virtual boxes are running faster.
100% agree with all the folks who want to see the series of instructional videos. great topic.
Nice deeper dive. One thing that would be great to see is vulnerability auto remediation.
Agreed. This would be my use case scenario.
@@MicrosoftieI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
This video probably saved an organization from getting hacked. Thanks!
Just completed this room on THM and was awesome.
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol
Your the man J.H.!!!
Appreciate all of your efforts in sharing all you do!!!
I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content.
Thanks again John
Josh...
I love your enthusiasm. Subscribed!
Instant like and suscribe.
However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D
Thanks for the vid!
Thank you for the reminder about this. chuck made a video on this and I tried to set it up and failed. But your video it helped and I got it set up
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago.
I'd like to see videos on feeding network device logs into the Wazuh.
And also address how to handle retention of logs and events.
Best video to date, and that's saying something! Really awesome!!
Will deploy this in my company. Learned lot of things
Ooh this sounds amazing. I am sharing with my team
Thanks. Watching it again and doing the install on my Ubuntu VM running on Proxmox.
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address.
Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
This is not needed. only the wazuh host/server/node needs a fixed ip.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
@@festivusfortherestivus the agents connect to the host, unlike a decentralized system.
Fantastic stuff and very insightful, and thanks for sharing. Looking forward for more OpenSource tools for home and enterprise.
💯
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent').
That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
That was amazing. Looking forward to the next part
It is an amazing thing :) thanks for sharing it with us I am very excited to see more showcases videos about Wazuh from you.
Yes, it's incredible 😍😍. Thanks for sharing 😊😊
I hope you do make some more wazuh videos! I just started using it at home and really like it. There's a lot to dig into!
CIS Benchmark is something outstanding in this wazuh setup all other things are similar to other EDR solutions.
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
More Wash videos please! This was great content!
I've been managing Wazuh for 2 years now. ama ❤
Hi John, thanks a lot for sharing with us your knowledge! Please made more videos about wazuh! Cheers
This is like 90% above my head, but it was very interesting. Thanks for sharing
Great video. Thank you. I'm curious how relevant this software is today (in comparison to other products on the market)? Thanks again, and keep on doing what you're doing.
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
Loved it. Please do more about this!
thank you john for your efforts.
please can you do more video's about wazuh
Cool video, you covered the main things and you concentrated to the essential part and not to do show like other videos. So thanks for this.
Thanks a lot for this great demonstration. Gonna try everything showed
This is GOLD. Thank you John.
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
Perfect timing for this video. Thanks!
Waiting next video about wazuh…. Make our homelabs secure!
Hi John. Thanks for the introduction. Nevertheless, could you please make a video in which you explain how we can monitor the outbound and inbound traffic for an agent? I want to be able to see the IP addresses, the URLs that an agent is checking and so on. Thank you.
Good job, I've always been a big fan 👍
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
Thanks I think I was just thinking about doing something like this minus the kubernetes
What is going to be your resolution for resolving this?
@@Microsoftie for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
@@xanzutdo we have this solution documented anywhere ?
@@amjads8971 I don't find any documentation about this case, even in wazuh documentation only mention monitoring docker via docker socks
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Yes, you can modify the default agent ossec.conf on the server and it will deploy it to the agents when they are enrolled.
Always the best videos!🔥
Awesome. Thanks for the presentation. i think i´ve seen the light!!!
Such a great demonstration. 😎
blew my mind, too! this is way cool! thanks John!
Thank you for this video been looking for some way I can learn hands on SOC skill at home. I would like to apply this to my home network. Question can I have the service on VirtualBox and still monitor my home network? If so what would I set the Network Adapter to? Thank you.
this is amazing....you are amaziing....thank you!!!
Awesome job John, Thank you.
This is so cool. I have a mini PC that I installed this on and will run it as my SIEM server.
This is awesome John!!
Amazing, do you know what is the spec required for home network? involved around 20+- hosts
your energy is awesome!!
Great work, excellent video!
Yours was an excellent presentation. Sadly, what I saw while following your instructions didn't match what you saw, starting at the "Install agent" page. Unfortunately, there wasn't enough information for me to figure out where things went wrong.
Very informational. World record for use of the superfluous Americanism "go ahead" in one video.
Well done video! Solid share. Thank you
oh John Oh John....You are simply amazing. Great work
looks great. good video.....but surely it can restart agents om the client side?
Great video. Thanks John.
10/10
Intend on doing as a project for my cyber security resume.
Wazuh looks cool. Any reason to choose it over some other open-source EDR solutions?
i love your positivity :)
Great tutorial. Inspired me to test drive!
Great video, please post more with this product.
Thank You Sir , much appreciated . Great content
If you were using it for actual security would you use it on a vm or better to run directly ?
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service
Wonderful demo of Wazuh
Great video. Thank you!
DO IT!! I was playing with this for a little bit and got stuck on the alerts. I was thinking of doing something cool like creating a discord chat for alerts. Make my life easier please!!
I had a little laugh at this when watching. Great video. However when you said most of our servers are Linux I went, "oh, are they?" I have been working n the small business sector in Australia for 40 odd years and I think I could still count the amount of production servers I've seen running Linux on one hand, (ok maybe that's an exaggeration, but you get the point). This seems like an awesome platform. Currently I Google how to do stuff on Linux cos I don't use it enough to remember things. However, it seems I am going to have to finally bite the bullet and learn how to set up and manage a Linux VM on my Hyper-V server ...😑
I'm sure Wazuh can be installed on a Ubuntu raspberry pi but wondering would it be able to handle it? If it can, I'm curious would it be able to run Wazuh with pihole?
This seems like a really useful and interesting SIEM tool. It does however suffer from the main problem infecting all Linux projects.
Making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't i change these settings through the web-ui?