Intrusion Detection with Wazuh | Blue Team Series with Hackersploit
Science and Technology
In this episode of our Blue Team series with @HackerSploit , we cover intrusion detection with Wazuh. Wazuh is an open source security platform that unifies historically separate functions into a single agent and platform architecture. Protection is provided for public clouds, private clouds, and on-premise data centers.
Chapters:
0:00 Introduction
00:22 What We’ll Be Covering
1:38 Wazuh Prerequisites
1:48 Introduction to Wazuh
3:52 Wazuh Features
4:42 How Does Wazuh Work?
12:19 About Our Lab Environment
14:33 Deploying Wazuh
16:50 Beginning the Practical Demo
17:29 Create Your Own Wazuh Server
23:14 How to Access Your Wazuh Server
25:09 Configuring Wazuh for the First Time
28:48 An Overview of Wazuh Modules
32:31 An Overview of the Management Area
47:17 How to Set Up Wazuh Agents
54:52 What Events Does an Agent Display?
1:04:40 All About Integrity Monitoring
1:06:06 How to Stop the Brute Force
1:16:04 Back to Integrity Monitoring
1:21:08 How to use Filtering
1:23:50 About Vulnerabilities
1:28:14 Making Use of Mitre Intelligence
1:35:06 Conclusion
New to Cloud Computing? Get started here with a $100 credit → www.linode.com/linodetube
Read the doc for more information on deploying Wazuh → www.linode.com/docs/products/...
Learn more about Wazuh in the Linode Marketplace → www.linode.com/marketplace/ap...
Subscribe to get notified of new episodes as they come out → kzread.info?sub_co...
#Linode #wazuh #cybersecurity
Product: Linode, Security, Blue Team; @HackerSploit ;
Comments: 22
Thanks for the video, this was very informative!
The Active Response is not working because you misconfigured the location. It must be local and not localhost.
Hi, very interesting. I just have a couple of questions, if you don't mind: what is the difference between Wazuh and Splunk? And also, can we consider Wazuh an IPS?
Nice video
Hello, I am facing an error: my Wazuh agent is connected but does not show logs and data under Security Events. How do I fix this issue?
Hello. Please can someone help me with the default credentials for the Wazuh server installed using Linode as in this tutorial? I have used admin/admin as username and password, also root/root and also wazuh/wazuh, but I have not been able to log in.
23:18 when I copy the IP and paste it into the browser it says "This site can't be reached"
The firewall-drop rule just drops that specific IP for the number of seconds specified. This prevents people from hammering your server and actually brute forcing their way in, because they can only get 10 tries every X seconds.
How can you install the Wazuh agent on the Wazuh server? I would like to monitor the actual server for attacks since it's public facing. Thanks for the videos, please create more with live attacks.
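The two comments above touch the same piece of Wazuh configuration: the active-response block in ossec.conf, whose location must be "local" (not "localhost", which is not an accepted value), and whose timeout is the number of seconds the firewall-drop script keeps the offending IP blocked. The fragment below is an added example written for this page, not configuration from the video or from the commenters; the rule ID 5712 is assumed to be the default sshd brute-force rule in Wazuh's ruleset and the 180-second timeout is a chosen value.

```xml
<!-- Added example (not from the video): block a brute-forcing source IP on the agent that raised the alert -->
<ossec_config>
  <!-- Command definition: points at the firewall-drop script shipped in active-response/bin.
       Wazuh 4.x names it "firewall-drop"; older releases used "firewall-drop.sh". -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Binding: run the command when the named rule fires.
       Valid <location> values are local, server, defined-agent and all;
       "local" means the agent that generated the alert executes the block. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5712</rules_id>   <!-- assumed: default sshd brute-force rule; adjust to your ruleset -->
    <timeout>180</timeout>      <!-- seconds the source IP stays blocked before the rule is removed -->
  </active-response>
</ossec_config>
```

Because timeout_allowed is set to yes, the same script is re-invoked with a "delete" action when the timeout expires, so the block is temporary rather than permanent; if the block is not being applied, the agent's active-responses.log is the first place to look.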
@ST-actual
3 months ago
Server manages itself as localhost. You don’t need to add an agent manually
How about malware detection? Or utilizing VirusTotal?
Thank you so much for the demonstration. I wonder if Wazuh has any agents for mobile devices.
@javimed9669
A year ago
Hi. Although there aren't any Wazuh agents for mobile devices, you could forward system logs to the Wazuh server using a syslog client app (granting it the appropriate syslog reading permissions) and create custom decoders and rules for specific alerts from those logs.
Hello from Montreal, Canada... Your video was informative; however, you're all over the place when explaining things, and I found it a bit confusing. It's almost like you either did not prepare for the making of this video or you have not used this software in a long time. There was not enough detail, or any specific order on how to add an agent and configure email alerts for either vulnerabilities or updates. Thanks and have a great day.
Linode is so irritating when signing up! There's a reason they couldn't cross AWS despite being early.
Hi bro, I can't see the available fields.
@gjgaming3522
A year ago
This
You're using sudo while you are root??
@ST-actual
A year ago
😂😂😂😂😂
@Peeki
3 months ago
I'm guessing it's for others who follow along that are not on root.
Imagine having some SOC nobody adding firewall rules manually in some dumb XML file :D