This channel is a goldmine! Thank you for all your time and effort!!

Came across your videos a month ago and won't stop until I see ALL of them. But what really cranked me up here was hearing how PUMPED up you were when you saw it's a real(-time) attack. Gold. :) Thanks for the awesome videos. PLEASE keep doing them.

Thank you for creating this awesome content. Glad to see those real time attack surface and mitigation techniques. You are doing great job Alexis ❤🙌

Fantastic series! It's awesome that your Ubuntu instance was actively being attacked while you were making this video. That really demonstrates the value of a SIEM and also highlights the fact that attackers are always trying something. Thanks for the videos!

Really informative, thank you!

Great video. Loved the demo with adding some active defense.

Thank you very much, very interesting content, especially with that unexpected brute force attack. A real case.

Great video! I did not realize Wazuh can configure action to add active response rule. Thank you for the content! I learned a lot

It is very much knowledgeable video for those who are Wazuh Siem Administrator. Thanks HS

One of the best infoSec expert..🙏

Thank you!

I think this is one of your better how-to videos. The real attack and watching how you used Wazuh to gather details and invoke a basic defense definitely added to what otherwise would have been a rather boring walk-through of the installation and capabilities.

Thanks for the great video. Is there an option to to add some kind of logic to the active responses? For example, block the IP address only after 5 or 10 failed attempts?

Hello thanks for detailed video on Wazuh! Could you please cover correlation part also.

bro, is there any chance to watch your videos with enable from application dark theme or if this is not a option to use "Dark reader" addons to browsers? It will be great if this is possible.

Great ! Very fruitable … 🤓

Hey bro your all videos are very informative... Can you please make a video on DArknet chip (How it is use)

This video has been so useful! The one question I have, is how to build a set of rules that can be built into the solution **before** moving a server into production. To me, that would seem to be better than trying to deal with problems as they happen.

when we set the rule to prevent the brute force attack, That rule is for all the traffic from externa network?

Nice walkthrough I am learning security onion in school and noticed Wazuh is part of it.

@nbctcp3450

Жыл бұрын

between them which one better and easier

@QuantumNaut

Жыл бұрын

@@nbctcp3450 security onion is pretty easy to use so i would say that one but probably because i've used it more than wazuh shown in the video

@nbctcp3450

Жыл бұрын

@@QuantumNaut I have tried SecurityOnion last night. The problem was. 1. I can't pull as docker image 2. iso size is big 8GB and 6GB of it is docker repository I can't find on how to install SO in Docker. If you have one please let me know

I noticed when you when you deployed the linux server on Linode, you did not setup ufw or fail2ban on linux server. If ufw and f2b are setup, will that effect Wazuh performance?

How can we integrate the hive with wazuh plz make an video

Are there any ways of getting the active response to block IP:s in a firewall appliance instead of the host firewall?

@andrewhughes459

Жыл бұрын

Yes, you can actually write your own scripts that execute as the active response to an alert. The location XML tag that he used specifies if the response is run on the agent machine or the wazuh server so you can specify where to run the script in response.

thanku for this kind of knowledge video we want more about it plz sir.....and ur voice is more magical

Hello, question, min 24:29 Check Wazuh API connection error, How did you fix it?

I can't run wazuh of windows 7 for some reason i have tried different versions but it still doesnt work any guides..

@javimed9669

Жыл бұрын

Hi. Once you've installed the central components on your Linux server, you can install a Wazuh agent on your Windows 7 endpoint following the "Installing Wazuh agents on Windows systems" guide on the Wazuh documentation site. Join the Wazuh community to get full answers

How can you install the wazuh agent on the wazuh server? I would like to monitor the actual server for attacks since its public facing. Thanks for the videos please create more with live attacks.

@leninagoras

4 ай бұрын

Wazuh-manager monitors itself.

Very informative video on Wazuh Active Response

There is Bandung on the geoLoc, wow

Does it help in stopping DOS attack on 443 port?

@javimed9669

Жыл бұрын

Wazuh has built-in rules to correlate multiple authentication failure events and identify brute force and DDoS attacks. But you can also create your own rules to detect specific attacks. The Wazuh active response capability acts on detection of an attack and can block the attacker's IP. Also, if you have a tool to detect DDoS attack you can make Wazuh read its logs and trigger alerts and an active response. Join the Wazuh community to get further answers.

@farhamandkhan

Жыл бұрын

@@javimed9669 Thanks👍

Am from Kenya and I really don't think the attacker was from Kenya😂Great series

What is your operating system name💜💜

Please.... Never ssh with root. Basic rule 🙏

Please continue with web app penetration

Katarzyna means „Kate” in Polish 😅

Katarzyna - Polish female name ;-).

@HackerSploit

2 жыл бұрын

Thank you for letting me know. Unfortunately I butchered the pronunciation.

@devurien

2 жыл бұрын

​@@HackerSploit Everything was perfect like you and your channel. I saw many Polish names and surnames in your video. But attacker IPs was from China. This is interesting regardless to what is happening in Ukraine. And how Poles help refugees from Ukraine. It may be naive but it is interesting.

Ubuntu is not operative. Alpine Linux is mine.

First

ada indonesia coyy