7MS #582: Using Wazuh as a SIEM for Work and Home
7 Minute Security31 Jul 2023

7MS #582: Using Wazuh as a SIEM for Work and Home

Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck.

This one-liner will literally get Wazuh installed in about 5 minutes:

curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

P.S. if you accidentally close your command window before writing down the admin password (like I did), you can use this command to retrieve it:

sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

Once Wazuh is installed, I recommend going to Management > Configuration > Edit Configuration, look for a section that starts with and change to .

Also, before you start deploying agents, I recommend making some groups for them, which I believe has to be done at the command line:

/var/ossec/bin/agent_groups -a -g windows-boxes -q /var/ossec/bin/agent_groups -a -g linux -q

From there you should be ready to start rockin' some agent installs. Have fun!

Episoder(713)

7MS #9: Information Security for the Whole Family (audio)

7MS #9: Information Security for the Whole Family (audio)

In this episode I talk about how being an infosec guy has ruined my family's life (well, not really) Download: Episode 9: Information Security for the Whole Family (audio) Show notes: To keep peace in...

29 Mar 20147min

7MS #8: CISSP – Is That the Cert for Me? (audio)

7MS #8: CISSP – Is That the Cert for Me? (audio)

In this episode I talk about my experience prepping for the CISSP exam. Download: Episode 8: CISSP – Is That the Cert for Me? (audio) Show notes: I used this book as my primary study tool. It comes wi...

22 Mar 20147min

7MS #7: External Vulnerabilities that Byte (audio)

7MS #7: External Vulnerabilities that Byte (audio)

Episode lucky #7!!! In this episode I talk about external network vulnerabilities that we see in many of our assessments – some of which are pretty easy to clear up. Download: Episode 7: External Vuln...

15 Mar 20147min

7MS #6: Fun Firewall Rules – part 2 (audio)

7MS #6: Fun Firewall Rules – part 2 (audio)

In this episode I continue talking about some basic firewall rules that many organizations don't have in place. Download: Episode 6: Fun Firewall Rules – part 2 (audio) Show notes: Limit outbound DNS ...

8 Mar 20147min

7MS #5: Fun Firewall Rules – part 1 (audio)

7MS #5: Fun Firewall Rules – part 1 (audio)

In this episode I talk about some basic firewall rules that many organizations don't have in place. Download: Episode 5: Fun Firewall Rules – part 1 (audio) Show notes: Block outbound port TCP 25 for ...

1 Mar 20147min

7MS #4: Patch Strategies: Part Deux (audio)

7MS #4: Patch Strategies: Part Deux (audio)

In this episode I continue talking about some dos and donts of patch strategies – this time talking about enterprise level gear. Download: Episode 4: Patch Strategies: Part Deux (audio) Show notes: Th...

22 Feb 20146min

7MS #3: Patch Strategies: Part 1 (audio)

7MS #3: Patch Strategies: Part 1 (audio)

In this episode I talk about some trends (and problems) we're seeing on the patching front – specifically OS and third-party apps. Download: Episode 3: Patch Strategies: Part 1 (audio) Show notes: Mos...

13 Feb 20147min

7MS #2: The Importance of Logging and Alerting! (audio)

7MS #2: The Importance of Logging and Alerting! (audio)

In this episode I talk about how a client of ours learned a hard lesson: that the lack of logging/alerting makes for a pretty miserable investigation after they were breached. Download: Episode 2: The...

1 Feb 20147min

Populært innen Politikk og nyheter

giver-og-gjengen-vg
aftenpodden
aftenpodden-usa
forklart
stopp-verden
i-retten
popradet
lydartikler-fra-aftenposten
rss-gukild-johaug
det-store-bildet
nokon-ma-ga
dine-penger-pengeradet
fotballpodden-2
rss-ness
hanna-de-heldige
aftenbla-bla
frokostshowet-pa-p5
rss-dannet-uten-piano
rss-utenrikskomiteen-med-bogen-og-grasvik
ta-dokumentar