Wazuh Agent Install - World's Best OpenSource EDR Agent!
Science and Technology
Join me as we continue on to Phase 4 of the World's Best SIEM Stack Series, installing our Wazuh Agents onto our Linux and Windows endpoints.
Blog Post: / part-4-wazuh-agent-ins...
Contact Me: taylor.walton@socfortress.co
LinkedIn: / socfortressmdr
Twitter: / socfortress
Our Blog: / socfortress
Buy Me A Coffee: bit.ly/3woh21M
Security Operations Center as a Service: www.socfortress.co/
Free For Life Tier: www.socfortress.co/trial.html
Professional Services: www.socfortress.co/ps.html
Discord Channel: / discord
Series Playlist: • World's Best SIEM Stack
Comments: 16
Great stuff, please keep going with this! Thanks for sharing your experience and knowledge.
Your content is pure gold.
Can't wait for next video. Thank you.
Thank you!
Great!
What about Wazuh and VT integration?
Can someone suggest or show the full instructions for those who do not understand? I tried to connect the wazuh-agent over the NAT network, but eventually realized that I needed a bridge, but DHCP does not automatically give me network settings.
Strange behavior - when I try to set up the agent on Windows 2012R2 or higher I need to use the Windows 7+ toolset instead of Windows Server 2008 to deploy the agent. A little bit not intuitive. And one question - why didn't you consider using sysmonconfig-with-filedelete.xml instead of sysmonconfig.xml? Did you test it?
Sysmon is indeed a great tool for tracking network connections. What about Sysmon for Linux?
@taylorwalton_socfortress
A year ago
Sysmon for Linux is great when it works, but I've found it to not be very stable on many Linux distros.
@vadimkutia6516
A year ago
I think that the best Sysmon config for SIEM is the config from ionstorm.
Hello, hi, can you integrate Oracle Database with Wazuh? How do I collect the logs of queries run in the database in Wazuh?
@waleedsaeed7521
A year ago
@Federico Pacher can you please, please, please make this tutorial video for monitoring Oracle Database in Wazuh?
Anyone running Wazuh on an enterprise level?
port 1514 arrrrghhh!!!
Great info! However, I would admonish the uninitiated to parse through all GitHub content AND ALL DEPENDENCIES prior to deployment to a production environment. It is not IF, it is WHEN will this pwn the most well-intentioned amongst us. Blind cut/paste of anything also has and will hurt your feelings, eventually. And if you don't understand the code completely, return when you do.