Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck.
This one-liner will literally get Wazuh installed in about 5 minutes:
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
P.S. if you accidentally close your command window before writing down the admin password (like I did), you can use this command to retrieve it:
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt
Once Wazuh is installed, I recommend going to Management > Configuration > Edit Configuration, look for a section that starts with <vulnerability-detector>
and change <enabled>no</enabled>
to <enabled>yes</enabled>
.
Also, before you start deploying agents, I recommend making some groups for them, which I believe has to be done at the command line:
/var/ossec/bin/agent_groups -a -g windows-boxes -q
/var/ossec/bin/agent_groups -a -g linux -q
From there you should be ready to start rockin’ some agent installs. Have fun!
Share on socials: