Introduction To Wazuh SIEM
Ғылым және технология
This video will introduce you to Wazuh and will explain how it works and how it can be used for threat detection. In the context of blue team operations, Wazuh is a SIEM (Security Information Event Management) system that is used to collect, analyze, aggregate, index and analyze security-related data consequently allowing you to detect intrusions, attacks, vulnerabilities, and malicious activity.
You can register for part 2 of this series for free here: bit.ly/3yJqT3c
//LINKS
Wazuh: wazuh.com/
Wazuh Documentation: documentation.wazuh.com/curre...
Video Slides: bit.ly/38F2t0m
Register For Part 2 Of This Series: bit.ly/3yJqT3c
Get 100$ In Free Linode Credit: bit.ly/39mrvRM
//PLATFORMS
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
Get started with Intigriti: go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify ►► spoti.fi/3lP65jv
Apple Podcasts ►► apple.co/3GsIPQo
//WE VALUE YOUR FEEDBACK
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
//THANK YOU!
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#Cybersecurity#BlueTeam
Пікірлер: 53
Great evolution. From replacement OSSEC as HIDS to all in one security solution (SIEM+XDR).
Great.. Looking forward to the next one in this series.
very good topics with snort and wazuh, thanks
Thank you this was a great breakdown of this SIEM
Thank you so much as you do for teaching us
Great info, you got a new subscriber
For everyone who's reading this, wish you an amazing day! 🔥❤
@logmantarig
2 жыл бұрын
Thanks u too
@igotchabrothaofficial
2 жыл бұрын
Same to you!
@gsmzed2479
2 жыл бұрын
Have a great day too
@firosiam7786
2 жыл бұрын
Same 2 u bro
@anik6393
2 жыл бұрын
It was a bad day mate
The new version of Wazuh no longer has ELK onboard. It has been replaced with a native search and indexing solution. The gui is now different too. Would like to see this video redone based around the new version.
Thanks for the help!
need more video related to Wazuh SIEM
Great alexis
Setup and config video podunga bro
Does anyone know where I can get access to the rest of the series? There are 3 videos related to WAZUH on this channel, but in the description there's link for a part 2 in all of them. Problem is the link doesn't work and the uploader seems to be gone... Thanks.
Great
In preparation for this lab I installed and configured the Security Onion iso. How can I use it with this lab please?
Can wazuh 4.5.2 be installed on debian12? Can you make a flatpak, please?
please sir can u make us video on pegasus
No setup video?
You know in my red team/blue team engagement, the very first thing i did was to disable beat and Splunk UF and blue team was completely blind and oblivious of any attacks.
@killacups
Жыл бұрын
From a blue team's perspective, disabling of UF/EDR would trigger a detection right away. Or, if logging stops coming in.
@logicfirst7959
Жыл бұрын
@@killacups there hasn't been a single case in the last 10 years when detection triggered upon killing the UF/Beat process.
@killacups
Жыл бұрын
Sorry, my answer was a bit more generalized. This completely depends on the environment.
@dennisTHEmenac3
Жыл бұрын
Once elastic drops their update with their own native agents, wazuh will be useless. I’ve only ever used endgame for host agent (enterprise deployment) and if you’re somehow able to kill the endgame agent, it absolutely triggers an alert. Still can’t believe wazuh or beats doesn’t trigger on disable. That’s a huge open source gap if true
Do someone know ho to change ip adress of wazuh after installation?
I think am first to watch this
@valeriomenghini6219
2 жыл бұрын
That's what we all say
great information ❤️❤️🤍
Nice, First of all you make Elastic search video. There is lack video becasue you directly jump on wazuh.
👋👍
Does the Wazuh support with App logs?
@felixbecker5591
2 жыл бұрын
No but Filebeat does
@Born_rebel1992
Жыл бұрын
Yes it support integration of app log.
Need hive and s3 bucket integration videos too
@Born_rebel1992
Жыл бұрын
There is video on youtube for s3 bucket integration with wazuh
Whats difference between Wazuh and Splunk
@felixbecker5591
2 жыл бұрын
They are different products for logging. If you look into the Pricelists, you will see the difference 😂
@Born_rebel1992
Жыл бұрын
By using wazuh you will reduce logs size which you sending to splunk.you can use wazuh as filter for spending important logs to splunk.
isnt wazuh EDR/XDR? is it just a siem?
@felixbecker5591
2 жыл бұрын
It’s EDR/XDR yes. But in combination with ELK it could be used as a SIEM. But I think there are still a lot of missing functionalities
Monitoring non wazhuh devices
I create SIEM put wazu out of business :)
A lot is still missing, the engine at the base is still ossec with a “signature based type of rules”. Tu much correlation capabilities are missing to call it a siem. Of clouds… better then nothing but still, calling it a siem is misleading
@javimed9669
Жыл бұрын
Hi. Wazuh provides threat prevention, detection, and response capabilities and helps with regulatory compliance. It collects logs from disparate sources and analyzes near real time the security events. It also considers historical and contextual data allowing incident management. It has useful dashboards and reporting capabilities. Wazuh is indeed a complete SIEM + XDR platform. Perhaps you would like to discuss particular features you don't find in the product? What are the missing correlation capabilities? Thank you.