you need this FREE CyberSecurity tool

The Wazuh Marketplace app was temporarily hidden in Cloud Manager v1.98.0 while they investigate and resolve a critical error resulting in broken deployments. It should be back real soon!

In this video, we discuss the best free cybersecurity tool you need to try: Wazuh. This open-source Security Information and Event Management (SIEM) system is the ultimate tool to help you protect your devices and networks like a cybersecurity expert. We'll show you how to deploy Wazuh, monitor changes to files and the Windows registry, detect unauthorized processes, and more. Plus, we'll discuss the importance of understanding blue team defense and how Wazuh can help you become a cybersecurity expert.

**Sponsored by Linode Cloud Computing from Akamai

0:00 ⏩ Intro
1:31 ⏩ what do you need??
2:31 ⏩ Installing Wazuh in the Cloud
5:11 ⏩ let's see if our Wazuh is ready
6:23 ⏩ Wazuh Docker Installation
9:43 ⏩ Adding agents in Wazuh
13:27 ⏩ secure configuration assessment
14:39 ⏩ security events
14:52 ⏩ vulnerabilities
15:25 ⏩ Windows hosts - integrity monitoring
16:38 ⏩ FIRST: file monitoring through Windows
20:41 ⏩ changing the interval
23:06 ⏩ key changes
23:56 ⏩ SECOND: Actions
25:06 ⏩ Active response
27:44 ⏩ Vulnerabilities
29:13 ⏩ Slack Alerts
31:29 ⏩ Outro


Wazuh is an open-source Security Information and Event Management (SIEM) system.
Wazuh can help protect your devices and networks like a cybersecurity expert.
This video discusses the best free cybersecurity tool - Wazuh.
You'll learn how to deploy Wazuh, monitor changes to files and the Windows registry, detect unauthorized processes, and more.
This video covers the importance of understanding blue team defense and how Wazuh can help you become a cybersecurity expert.
Wazuh is the ultimate security tool for monitoring changes to files, the Windows registry, and detecting unauthorized processes.
By deploying Wazuh, you can become a cybersecurity expert and protect your devices and networks from cyber attacks.
Wazuh uses the MITRE ATT&CK framework, compliance mapping, Security Configuration Assessment (SCA), and security events to help you protect your devices and networks.
Wazuh's Slack integration enables you to stay up to date with alerts and active responses.

#wazuh #cybersecurity #free
Comments

Wazuh founder here. I love the video! Thank you Chuck.

Currently our team, in collaboration with our users community, is working on improving Wazuh, making it easier to use and more capable. We are motivated to create a quality, free, and open-source alternative to the prevalent commercial solutions. Indeed, we want to help democratize access to these kinds of security products.

santiago.bassett

For those who are following this recently, there are a few differences, but if you're struggling to talk to your manager, you need to check the iptables on your management box.

Opening an input rule for ports 1514 and 1515 on your management box is needed for your machine to communicate with it.

Running both -
sudo iptables -I INPUT -m tcp -p tcp --dport 1515 -j ACCEPT
sudo iptables -I INPUT -m tcp -p tcp --dport 1514 -j ACCEPT

will allow you to establish a connection.

spenny

Security Professional here! Awesome video Chuck!! Any newer security analysts, do this lab and continue to monitor and work with this tool!! If I saw this lab on your resume your application would be at the top. These are real world skills you will use daily working in a Security Operations Center. I have been sending this video to any junior analysts I know. Thank you again Chuck for the great content!! Would love to see more blue team content like this!

obiwan-hfvp

Hey Chuck! I know you'll never read this, however, you should try spinning up a Security Onion VM in your internal lab/farm and check it out. Wazuh is just ONE of the many SIEM apps/utilities included. It could make for a lot of quality content if you did a brief "intro/overview" on each of the apps (Playbook, FleetDM, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, and ofc Wazuh). For your followers interested in SOC Analyst/Cybersecurity, this would be a great taste of reality for those pursuing that career path. Yes it's open source (free). Just an idea.

jjann

We need more self hosted security and blue team content.

neerajbabu

Thank You Chuck ... :)

A year ago, when I first saw your channel, you became my inspiration to change my life. I changed my career and since June 2023 I have been working in IT :)

Great channel keep it up :)
You're doing a great job!

U_CantTouchThis

Dude, you're the best! As a hardcore dev of over 15 years who ended up moving into a business / tech strategy role and then returning to hands-on tech, both as a fun hobby as well as to fulfill a practical need to remain current with the detail to be effective in my job, your videos and topic range tick all the boxes. You've mastered the art of both providing sufficient depth and explanation at speed so as not to frustrate viewers like me that often eyeroll at videos speaking at the "noob" level, while also being equally helpful to those learning for the first time that are noobs. Love the content, depth, pace, and wide range of topics. Keep it up, if you don't have one already, NUMBER ONE FAN, RIGHT HERE!!

kukuxumusu

I wazuh going to say nothing at first but the enthusiasm @20:12 was so palpable. 😆😂

KenSherman

Just a hint, instead of manually changing configuration on each host, it's better to use shared configuration in the admin console. You can make groups out of agents and apply that shared config to specific groups. Much easier to do it once than changing for example 200 config files or making a script for AD to copy that config file.

hule
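An added example (not code from the video, from Wazuh, or from either commenter) that ties together two comments above: spenny's note that the manager must accept agent traffic on 1514/tcp and 1515/tcp, and hule's advice to push settings through a shared group configuration rather than editing each host. It is a POSIX sh script with two parts: an idempotent firewall function that limits those ports to the agent subnet (the `-s` source filter and the `-m conntrack --ctstate NEW` match are a tightening I added; the comment's rules accept from anywhere), and a generator for a group's `agent.conf` that sets the FIM interval, a watched directory and a watched registry key, the same settings the video's chapters walk through. The 10.0.0.0/24 subnet, the `windows` group name, the 3600-second interval and the watched paths are assumed values; `/var/ossec/etc/shared/<group>/agent.conf` is Wazuh's documented location for shared configuration.

```shell
#!/bin/sh
# Added example, not code from the video or from the commenters above.
# Two manager-side provisioning steps, both safe to re-run:
#   1. open the agent ports the comment names (1514/tcp events,
#      1515/tcp enrollment) only from the agent subnet, without
#      stacking duplicate rules on every run;
#   2. write a shared agent.conf for an agent group so FIM settings
#      (frequency, directories, registry keys) are pushed centrally.
# Assumed values (not from the page): the agent subnet, the group
# name, the monitored paths and the interval passed by the caller.

WAZUH_AGENT_PORTS="${WAZUH_AGENT_PORTS:-1514 1515}"
WAZUH_SHARED_DIR="${WAZUH_SHARED_DIR:-/var/ossec/etc/shared}"

# Rule spec (everything after the chain name) for one port from one
# source CIDR. Only new connections are matched; established traffic
# is expected to be handled by a conntrack rule earlier in the chain.
# $1 = source CIDR, $2 = TCP port
wazuh_rule_spec() {
  printf '%s' "-p tcp -s $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# Insert each rule only if it is absent: iptables -C exits 0 when an
# identical rule already exists, so re-running does not duplicate it.
# $1 = source CIDR; $2 = optional command prefix ("echo" = dry run)
wazuh_open_agent_ports() {
  src="$1"; run="${2:-}"
  for port in $WAZUH_AGENT_PORTS; do
    spec=$(wazuh_rule_spec "$src" "$port")
    # $spec is intentionally unquoted so it splits into arguments.
    if [ -n "$run" ] || ! iptables -C INPUT $spec 2>/dev/null; then
      $run iptables -I INPUT $spec
    fi
  done
}

# Emit the centralized agent.conf body for a Windows agent group.
# $1 = syscheck frequency in seconds
# $2 = directory to watch (realtime, with content diffs reported)
# $3 = registry key to watch (32- and 64-bit views)
wazuh_windows_agent_conf() {
  cat <<EOF
<agent_config os="Windows">
  <syscheck>
    <frequency>$1</frequency>
    <directories check_all="yes" realtime="yes" report_changes="yes">$2</directories>
    <windows_registry arch="both">$3</windows_registry>
  </syscheck>
</agent_config>
EOF
}

# Write the group's shared config; the manager distributes it to every
# agent assigned to the group. Prints the path written.
# $1 = group name; remaining args as for wazuh_windows_agent_conf
wazuh_write_group_conf() {
  group="$1"; shift
  dir="$WAZUH_SHARED_DIR/$group"
  mkdir -p "$dir"
  wazuh_windows_agent_conf "$@" > "$dir/agent.conf"
  printf '%s\n' "$dir/agent.conf"
}
```

Run `wazuh_open_agent_ports 10.0.0.0/24 echo` first to print the rules without applying them. Rules inserted this way do not survive a reboot unless saved with the distribution's persistence mechanism (for example the iptables-persistent package on Debian and Ubuntu). Agents receive the group file once they are assigned to the group on the manager, so a change to the interval or the watched keys is made in one place rather than on every host.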

Security Engineer here, great content on this video.
I've been working with Wazuh for quite some time now, and it's amazing how you can create your own rules, decoders, and custom integrations.
Wazuh is a beast once you dedicate the time.

nunomoreira

If you're only monitoring a small number of client systems, the $5/month Linode should work just fine. However, you have to create and mount additional swap space (swapfile in this case is easiest). Obviously not recommended for a production environment, but works fine for a home lab.

TravisHershberger

Thank you Chuck! I work for a security company that sells a SIEM product, but my access is very limited, and information is not shared (security people tend to be tight-lipped). With Wazuh I can finally try out these concepts without limitations, and learn the terminology so that I'm speaking the same language as the engineers I work with. Wazuh will be going on a spare NUC this weekend, so thanks for giving me something to do this weekend!

zathrasjr

I reckon Chuck is dosing only the purest speed in those coffee mugs. A true GOAT

benny

As a cybersecurity content creator, it's essential to emphasize the significance of free and open-source solutions, while also raising awareness about the potential risks they may pose to your data and network security if not managed properly.

wolverine

Chuck looks like my Grandpa wearing those glasses 😂

Synclon

Oh my gosh. I didn't realize this existed. I have been fighting with the self hosted ELK stack and standalone OSSEC agent for literally months and did not realize that is what this is, all packaged for me.

brennonoverton

Hey Chuck, I know chances of you reading this are pretty slim. However, I wanted to stop by and pay my respects. Because of you and your videos I was able to pull myself out of a very dark place. After long hours and hard work, I passed the Security+ today. Thank you for the videos.

jonathanspangler

Hell yes, you did it! :P I started with Wazuh two years ago and implemented it in my business. Currently, I'm using the default Wazuh ruleset, and I've written around 200,000 rules, I guess. But anyway, getting alerts is a nice-to-have, and not logging everything is the best you can do. However, the almighty kill feature is the FIM Module and the active response.

The Active Response will handle the firewall drop and block brute force attempts by itself. I configured the FIM module on a folder, let's say /root/fim_auto_ansible, and there is a cronjob that downloads the new version of auditd/rules.d daily. The FIM will only trigger the alert when the File-SHA is different. With a local_rule, you can trigger an ansible-playbook command that copies the new rule.d file to all servers and shows you the changes on the Wazuh dashboard in the alert log.

I enjoy experimenting with some exciting configurations and rebuilding some stuff. I use OpenSearch to send the logs from the Wazuh-manager, first with Fluent-bit to Graylog in a JSON format. If you are using Wazuh with different tools and operating systems, you need to normalize the fields from a log to get better and faster searches.

But this is really a deep dive into it. Keep up the great work!

Angelizius

Every time you say Wazuh, it makes me think about that term. I'm currently attending a Cyber Security School and I just went through a module that taught about this application. Thanks for setting it up Chuck. Knowledge can't be used unless it's applied to a real world scenario.

SonOfJoy

Hey *Metaspyclub* what an amazing work this has been and with all the crazy detection that you guys make possible. You guys take hacking to a whole new level and get the job done ASAP!!! I'm wondering what are all your personal qualifications? I don't think that it was ever mentioned before.

ayseertas