Full Wazuh Install - The SOCFortress Way

Join me as we install the latest version of Wazuh (4.4)! Deploy your own SIEM solution today!

Comments

May I suggest an audio upgrade. You can get a USB lavalier mic for under $10.

NetBandit

You've built some automations and a lot of cool stuff. I'd be interested in a demo video that just showcases all these in one sitting as if we were the SOC analysts at the console and to see some cases being worked from start to finish. No explanations of the back end or anything but just full on start to finish of case work in a real world scenario. That would be awesome to see it in action at the higher level.

neoninsv

Great content. Your audio is lousy so maybe look into some sound foam or a better microphone or something. Thanks again for great content.

BrianGood

This is so cool, thank you for this. I ran into some snags following the written guide, but the video cleared some things up. I am running this on Debian 12, and one of the issues is the lack of binaries for MongoDB, so I found a short guide on using the Ubuntu binaries and it works. I am running this in an XCP-ng VM and it looks like it's all running smoothly. Now to tinker with Wazuh and Graylog.

Wahinies

FINALLY.

After 7 tries I finally got this up. For those using Proxmox, make sure you run privileged LXC containers on Debian 11. There is no binary for Debian 12 yet.

I'm still having an issue with Proxmox rewriting my hosts file upon each restart. Looking forward to that API!

jimskyboy

Always great content, however I'm not sure if you're aware, Taylor, but if you are trying to use Graylog ingestion and indices and expect to use the Wazuh dashboard for alerts, it doesn't work. It breaks absolutely everything. Graylog secretly changes all the key pair fields to use an underscore, whereas Wazuh uses a dot in field names... 😢 Basically, Graylog does not allow "." characters in field names since version 2.0 of Elastic... Support has been restored since version 5.0. However, Wazuh is using forked OpenSearch and they haven't changed this yet....
For compatibility, Graylog replaces "." with "_" silently; it doesn't matter what you put in your extractor.... So Wazuh (OpenSearch 2.4.1, which I have confirmed) expects their fields to have a "." in them... So if you ingest your agent logs into Graylog via Fluent Bit and connect it back to the Wazuh Indexer (OpenSearch 2.4.1 for Wazuh 4.4.0), the fields all have "_" as the key separator in each field... So rule.id becomes rule_id and manager.name becomes manager_name; the Wazuh dashboard becomes useless and doesn't display anything... This may not be a problem if you don't plan to use the Wazuh dashboard for alerts and events, like if you are using Grafana...
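The field-name rewrite described in the comment above is lossy, and this added example (not code from the video, from the commenter, or from Wazuh or Graylog) shows why a blind reverse mapping cannot fix it. It reproduces the "." to "_" flattening on a constructed Wazuh-shaped alert, shows that splitting every "_" back into nesting corrupts fields whose real names contain an underscore (Wazuh's own `full_log` and `predecoder.program_name`), and rebuilds the nesting from an assumed list of known dotted field names instead. The alert contents and the `KNOWN_FIELDS` list are assumptions for illustration; in a real deployment the list would come from the indexer's index template.

```python
"""Added example: why Graylog's '.' -> '_' rewrite breaks Wazuh field names,
and a schema-driven way to map them back. Not code from the video or from
Wazuh/Graylog; the alert and the field list below are constructed for illustration."""
from __future__ import annotations

from typing import Any

# Constructed sample alert shaped the way the Wazuh indexer expects it:
# dotted field names are nested objects. Representative fields only.
WAZUH_ALERT: dict[str, Any] = {
    "rule": {
        "id": "5710",
        "level": 5,
        "mitre": {"id": ["T1110"]},
    },
    "agent": {"id": "001", "name": "web01", "ip": "10.0.0.5"},
    "manager": {"name": "wazuh-manager"},
    # Wazuh itself uses '_' inside some leaf names, which is exactly what
    # makes a blind reverse mapping impossible.
    "predecoder": {"program_name": "sshd"},
    "full_log": "Jan  1 00:00:00 web01 sshd[123]: Invalid user admin from 203.0.113.7",
}

# Assumed list of the dotted Wazuh field names we care about (a real deployment
# would take this from the indexer's index template, not from a hand-written list).
KNOWN_FIELDS = [
    "rule.id", "rule.level", "rule.mitre.id",
    "agent.id", "agent.name", "agent.ip",
    "manager.name", "predecoder.program_name", "full_log",
]


def flatten_graylog_style(doc: dict[str, Any], prefix: str = "") -> dict[str, Any]:
    """Reproduce the rewrite the comment describes: nested keys joined with '_'."""
    flat: dict[str, Any] = {}
    for key, value in doc.items():
        name = f"{prefix}_{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten_graylog_style(value, name))
        else:
            flat[name] = value
    return flat


def _nest(out: dict[str, Any], dotted: str, value: Any) -> None:
    """Insert value at the nested position named by a dotted path."""
    parts = dotted.split(".")
    node = out
    for part in parts[:-1]:
        node = node.setdefault(part, {})
    node[parts[-1]] = value


def naive_unflatten(flat: dict[str, Any]) -> dict[str, Any]:
    """Turn every '_' back into nesting. Wrong wherever Wazuh's own names contain '_'."""
    out: dict[str, Any] = {}
    for key, value in flat.items():
        _nest(out, key.replace("_", "."), value)
    return out


def schema_unflatten(flat: dict[str, Any], dotted_fields: list[str]) -> dict[str, Any]:
    """Rebuild nesting from a list of known dotted names; unknown keys are left flat."""
    lookup = {f.replace(".", "_"): f for f in dotted_fields}
    out: dict[str, Any] = {}
    for key, value in flat.items():
        _nest(out, lookup.get(key, key), value)
    return out


def flattening_collisions(dotted_fields: list[str]) -> dict[str, list[str]]:
    """Distinct dotted names that collapse to the same underscored name.

    These cannot be told apart after the rewrite, so no reverse mapping,
    schema-driven or not, can recover them."""
    seen: dict[str, list[str]] = {}
    for f in dotted_fields:
        seen.setdefault(f.replace(".", "_"), []).append(f)
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    flat = flatten_graylog_style(WAZUH_ALERT)
    print(sorted(flat))
    print("naive round-trip ok:", naive_unflatten(flat) == WAZUH_ALERT)
    print("schema round-trip ok:", schema_unflatten(flat, KNOWN_FIELDS) == WAZUH_ALERT)
    # A hypothetical dotted field that collides with Wazuh's predecoder.program_name
    print(flattening_collisions(KNOWN_FIELDS + ["predecoder.program.name"]))
```

The practical point is the last function: if two dotted names ever flatten to the same underscored name, the original structure is gone at ingestion time, so the check belongs before the pipeline is built, not after the dashboard turns up empty.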

rogereales

Excellent! TYSM, welcome back Taylor !

armartrissahyakkahyzerzakd

Hey Taylor, is there any way you can do an updated video? I've watched both this one and the previous version, and I'm still having issues. I don't know if it's because there is Wazuh 4.9 now, or because there is a newer version of Graylog, but I'm unable to get past this setup of the SIEM stack and I've been working on it for almost two weeks now for a client. Any guidance or assistance would be lovely! Thanks for all you do!

YouDontNeedToKnow-

Taylor Walton, May I suggest you do a new video for Wazuh 4.8

AliciaFernandez-zypn

Hi Taylor, excellent stuff always!! Please, are you able to share a Docker setup for the latest Wazuh with Graylog?

victorabiola

Man, can you give me a roadmap to being a good analyst? To learn all these things, for an absolute beginner.

wtseriously

Hey Taylor, thanks a lot for this video. I was stuck with a Graylog error due to version mismatching. You saved my job :)
Thanks a lot again.

iammodibhakth

What SSH connection manager are you using? Looks nifty

JustinJ.

I would like to say maybe you should cover some troubleshooting steps, as not everyone will get through without errors. You're assuming it will just go smoothly.

BradyBrannon-lj

Hey Taylor, awesome work. I was wondering if you could upload a video where we can integrate Wazuh with DFIR-IRIS via Shuffle, much the same as Wazuh + Shuffle + TheHive + Cortex.

junder

Please make a video regarding how alerts are triggered in Wazuh and how to investigate them.

klrahul

As always Great! Thank you for your work!

Зеркало-ео

Thank you for the great video! I was able to follow along with just a few modifications on Debian 12. I made it all the way to the end but I'm not seeing any logs in Graylog even after reconnecting SSH. Any ideas?

JasonJonesoriginal

Watching your series really has me motivated to play around with some of this tech in my homelab. Do you have a diagram to cover the full stack of tech used? Summer holidays coming up!

MrTolcher

Hi Taylor, your content is excellent! HUGE thanks! 🤝 How can the same be done with Docker? I am trying to separate each deployment of services into their own config file, to keep my eyes above water; perhaps I will be able to join all of this into a single docker-compose YAML including persistent volumes using NFS 😳 I foresee the use of nginx on the host, rather than a container, for routing HTTPS traffic, but how can this be done, certificate-wise? I am building this for internal use, so I make use of an internal CA. So far I have not seen any videos describing a build with an internal CA, working and tested throughout. Could you show this to us newbie folk?

RC-ecut