Threat Detection & Active Response With Wazuh

  • Published: 4 Oct 2024
  • In this video, I cover the process of detecting and defending against threats and attacks with Wazuh. In the context of blue team operations, Wazuh is a SIEM (Security Information and Event Management) system used to collect, aggregate, index, and analyze security-related data, which allows you to detect intrusions, attacks, vulnerabilities, and malicious activity.
    You can register for part 2 of this series for free here: bit.ly/3yJqT3c
    //LINKS
    Wazuh: wazuh.com/
    Wazuh Documentation: documentation....
    Video Slides: bit.ly/38F2t0m
    Register For Part 2 Of This Series: bit.ly/3yJqT3c
    Get $100 In Free Linode Credit: bit.ly/39mrvRM
    //PLATFORMS
    BLOG ►► bit.ly/3qjvSjK
    FORUM ►► bit.ly/39r2kcY
    ACADEMY ►► bit.ly/39CuORr
    //SOCIAL NETWORKS
    TWITTER ►► bit.ly/3sNKXfq
    DISCORD ►► bit.ly/3hkIDsK
    INSTAGRAM ►► bit.ly/3sP1Syh
    LINKEDIN ►► bit.ly/360qwlN
    PATREON ►► bit.ly/365iDLK
    MERCHANDISE ►► bit.ly/3c2jDEn
    //BOOKS
    Privilege Escalation Techniques ►► amzn.to/3ylCl33
    Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
    //SUPPORT THE CHANNEL
    NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
    Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
    Get started with Intigriti: go.intigriti.c...
    //CYBERTALK PODCAST
    Spotify ►► spoti.fi/3lP65jv
    Apple Podcasts ►► apple.co/3GsIPQo
    //WE VALUE YOUR FEEDBACK
    We hope you enjoyed the video and found value in the content. We value your feedback. If you have any questions or suggestions, feel free to post them in the comments section or contact us directly via our social platforms.
    //THANK YOU!
    Thanks for watching!
    -----------------------------------------------------------------------------------
    #Cybersecurity #BlueTeam

Comments • 52

  • @ghsinfosec 2 years ago +10

    Fantastic series! It's awesome that your Ubuntu instance was actively being attacked while you were making this video. That really demonstrates the value of a SIEM and also highlights the fact that attackers are always trying something. Thanks for the videos!

  • @cheebadigga4092 2 years ago +2

    This channel is a goldmine! Thank you for all your time and effort!!

  • @robertungureanu4660 1 year ago

    Came across your videos a month ago and won't stop until I see ALL of them.
    But what really cranked me up here was hearing how PUMPED up you were when you saw it's a real(-time) attack. Gold. :)
    Thanks for the awesome videos. PLEASE keep doing them.

  • @cyberSec00xf 2 years ago +1

    One of the best InfoSec experts.. 🙏

  • @frankyz 1 year ago

    Great video! I did not realize Wazuh can configure an action to add an active response rule. Thank you for the content! I learned a lot.

  • @chaitanyakhairnar6352 2 years ago

    Thank you for creating this awesome content. Glad to see those real-time attack surfaces and mitigation techniques. You are doing a great job, Alexis ❤🙌

  • @QuantumNaut 1 year ago +1

    Nice walkthrough. I am learning Security Onion in school and noticed Wazuh is part of it.

    • @nbctcp3450 1 year ago

      Between them, which one is better and easier?

    • @QuantumNaut 1 year ago

      @nbctcp3450 Security Onion is pretty easy to use, so I would say that one, but probably because I've used it more than Wazuh shown in the video.

    • @nbctcp3450 1 year ago

      @QuantumNaut I tried Security Onion last night. The problems were:
      1. I can't pull it as a Docker image.
      2. The ISO size is big, 8 GB, and 6 GB of it is the Docker repository.
      I can't find how to install SO in Docker. If you have one, please let me know.

  • @milankukic9518 21 days ago

    Simply awesome! 😀

  • @SxMT 11 months ago

    Great video. Loved the demo with adding some active defense.

  • @ShortsGFX 1 year ago

    It is a very knowledgeable video for those who are Wazuh SIEM administrators. Thanks, HS.

  • @PrabhatKumar-tk8oy 2 years ago +5

    Hey bro, all your videos are very informative...
    Can you please make a video on the Darknet chip (how it is used)?

  • @guerzizeb 1 year ago

    Thank you very much, very interesting content, especially with that unexpected brute force attack. A real case.

  • @naseebullah4957 2 years ago +2

    Hello, thanks for the detailed video on Wazuh! Could you please cover the correlation part also?

  • @tamalnaskar4080 2 years ago +1

    Thank you for this kind of knowledge video; we want more about it, please, sir... and your voice is more magical.

  • @mfernandes8945 10 months ago

    This video has been so useful! The one question I have, is how to build a set of rules that can be built into the solution **before** moving a server into production. To me, that would seem to be better than trying to deal with problems as they happen.

  • @mrkmdz 1 year ago

    I think this is one of your better how-to videos. The real attack and watching how you used Wazuh to gather details and invoke a basic defense definitely added to what otherwise would have been a rather boring walk-through of the installation and capabilities.

  • @lawhousekolkata 2 months ago

    Nice video... Can you make another video on how to create rules and dashboards, and how to get logs from L3 routers?

  • @Lsecqt 2 years ago +1

    Really informative, thank you!

  • @arnabkoley8864 1 year ago

    Very informative video on Wazuh Active Response.

  • @abedzaben 1 year ago +1

    Thanks for the great video. Is there an option to add some kind of logic to the active responses? For example, block the IP address only after 5 or 10 failed attempts?

  • @ChapalPuteh_ 1 year ago

    Great! Very fruitful... 🤓

  • @faizfredo8296 2 years ago +1

    How can we integrate TheHive with Wazuh? Please make a video.

  • @christojojo6590 1 year ago

    When we set the rule to prevent the brute force attack, is that rule for all the traffic from the external network?

  • @nishadbabu8130 27 days ago

    Your link is not working. I want to join your part 2 series. How can I join?

  • @M_IZAN 2 years ago +2

    What is your operating system name? 💜💜

  • @fsdaaffa 1 year ago

    I'm from Kenya and I really don't think the attacker was from Kenya 😂 Great series.

  • @ianagung6886 1 year ago

    There is Bandung on the geoloc, wow.

  • @happyked 2 years ago +1

    Are there any ways of getting the active response to block IPs in a firewall appliance instead of the host firewall?

    • @andrewhughes459 1 year ago +1

      Yes, you can actually write your own scripts that execute as the active response to an alert. The location XML tag that he used specifies whether the response is run on the agent machine or the Wazuh server, so you can specify where to run the script in response.

  • @drmikeyg 1 year ago

    I noticed when you deployed the Linux server on Linode, you did not set up ufw or fail2ban on the Linux server. If ufw and f2b are set up, will that affect Wazuh performance?

  • @luiscarbajal5287 1 year ago

    Hello, question: at min 24:29, the "Check Wazuh API connection" error, how did you fix it?

  • @noname54 1 year ago

    How can you install the Wazuh agent on the Wazuh server? I would like to monitor the actual server for attacks since it's public-facing. Thanks for the videos; please create more with live attacks.

    • @leninagoras 7 months ago

      Wazuh-manager monitors itself.

  • @Kk-rr2sb 2 years ago

    Bro, is there any chance to watch your videos with the application's dark theme enabled, or, if this is not an option, to use "Dark Reader" add-ons for browsers? It would be great if this is possible.

  • @aessi2746 2 years ago

    I can't run Wazuh on Windows 7 for some reason. I have tried different versions but it still doesn't work. Any guides?

    • @javimed9669 2 years ago

      Hi. Once you've installed the central components on your Linux server, you can install a Wazuh agent on your Windows 7 endpoint following the "Installing Wazuh agents on Windows systems" guide on the Wazuh documentation site. Join the Wazuh community to get full answers.

  • @toddeHB_GW 1 year ago

    Please.... Never ssh with root. Basic rule 🙏

  • @farhamandkhan 2 years ago

    Does it help in stopping a DoS attack on port 443?

    • @javimed9669 2 years ago +2

      Wazuh has built-in rules to correlate multiple authentication failure events and identify brute force and DDoS attacks. But you can also create your own rules to detect specific attacks. The Wazuh active response capability acts on detection of an attack and can block the attacker's IP. Also, if you have a tool to detect DDoS attack you can make Wazuh read its logs and trigger alerts and an active response. Join the Wazuh community to get further answers.

    • @farhamandkhan 2 years ago

      @javimed9669 Thanks 👍
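Three threads above ask the same practical question from different angles: abedzaben asks how to block only after a set number of failed attempts, andrewhughes459 points out that the `<location>` tag decides where an active response runs, and javimed9669 describes correlation rules driving an active response that blocks the attacker's IP. The configuration below is an added worked example, not configuration from the video or from the Wazuh project. The custom rule id 100100, the threshold of 5 failures in 120 seconds and the 600-second block are chosen for illustration; the parent rule id 5716 ("sshd: authentication failed") and the bundled `firewall-drop` command are assumed to match the ruleset and scripts shipped with your Wazuh version, so confirm them under `/var/ossec/ruleset/rules/` and `/var/ossec/active-response/bin/` before relying on them.

```xml
<!-- Added example (not from the video or the Wazuh project). Two fragments:
     1) a custom correlation rule for /var/ossec/etc/rules/local_rules.xml
     2) an active-response block for the manager's /var/ossec/etc/ossec.conf -->

<!-- 1) local_rules.xml: alert only after repeated failures from ONE source.
     Custom rule ids must be 100000 or higher. 5716 is assumed to be the stock
     "sshd: authentication failed" rule; check the id in your installed ruleset. -->
<group name="local,sshd,authentication_failures,">
  <!-- frequency/timeframe turn single failures into a correlated alert;
       same_source_ip keeps failures from different clients from adding up. -->
  <rule id="100100" level="10" frequency="5" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: 5 failed logins from the same source IP within 120 seconds.</description>
  </rule>
</group>

<!-- 2) ossec.conf on the manager: tie the correlated rule to a blocking action. -->
<ossec_config>
  <!-- The bundled firewall-drop script inserts a DROP rule for the alert's
       srcip in the host firewall (iptables on Linux). -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <disabled>no</disabled>
    <command>firewall-drop</command>
    <!-- Where the command runs (the tag andrewhughes459 refers to):
         local         = the agent that produced the alert (its host firewall)
         server        = the Wazuh manager itself
         defined-agent = one specific agent, named with <agent_id>
         all           = every agent
         Blocking on a perimeter appliance instead means a custom script,
         run from an agent or the manager that can reach that appliance. -->
    <location>local</location>
    <!-- Only the correlated rule triggers the block, never a single failure. -->
    <rules_id>100100</rules_id>
    <!-- Seconds until the block is lifted; omit it and the block is permanent. -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

After restarting the manager, test it with deliberately failed SSH logins from a lab client and watch `/var/ossec/logs/alerts/alerts.json` for rule 100100 followed by the active-response entry, then confirm the DROP rule appears and is removed again after the timeout. Verify the number of attempts that actually fires the rule in your own test rather than assuming `frequency` maps one-to-one to attempts, and keep a separate management path (console or an allow-listed address) so a misfired block does not lock you out of the host.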

  • @minimalny30 2 years ago

    Katarzyna means "Kate" in Polish 😅

  • @manishhr4450 2 years ago +1

    Please continue with web app penetration

  • @moarimrharn 10 months ago

    Ubuntu is not operative. Alpine Linux is mine.

  • @devurien 2 years ago

    Katarzyna - Polish female name ;-).

    • @HackerSploit 2 years ago +1

      Thank you for letting me know. Unfortunately I butchered the pronunciation.

    • @devurien 2 years ago

      @HackerSploit Everything was perfect, like you and your channel. I saw many Polish names and surnames in your video. But the attacker IPs were from China. This is interesting regardless of what is happening in Ukraine, and how Poles help refugees from Ukraine. It may be naive, but it is interesting.

  • @abofan29 2 years ago +1

    First

  • @penetrationtester 1 year ago

    Thank you!

  • @shokuinstaff7666 2 years ago

    There's Indonesia, dude.