@spenny9352
For those who are following this recently there are a few differences but if you're struggling to talk to your manager you need to check the iptables on your managment box. Opening an input rule for ports 1514 and 1515 on your managment box is needed for your machine to communicate with it. Running both - sudo iptables -I INPUT -m tcp -p tcp --dport 1515 -j ACCEPT sudo iptables -I INPUT -m tcp -p tcp --dport 1514 -j ACCEPT will allow you to establish a connection.
@obiwan-hf1vp
Security Professional here! Awesome video Chuck!! Any newer security analysts, do this lab and continue to monitor and work with this tool!! If I saw this lab on your resume your application would be at the top. These are real world skills you will use daily working in a Security Operations Center. I have been sending this video to any junior analysts I know. Thank you again Chuck for the great content!! Would love to see more blue team content like this!
@U_CantTouchThis
Thank You Chuck ... :) A year ago, when I first saw your channel, you became my inspiration to change my life. I changed my career and since June 2023 I have been working in IT :) Great channel keep it up :) You're doing a great job!
@neerajbabu6643
We need more self hosted security and blue team content.
@jjann54321
Hey Chuck! I know you'll never read this, however, you should try spinning up a Security Onion VM in your internal lab/farm and check it out. Wazuh is just ONE of that many SIEM apps/utilities included. It could make for a lot of quality content if you did a brief "intro/overview" on each of the apps (Playbook, FleetDM, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, and ofc Wazuh). For your followers interested in SOC Analyst/Cybersecurity, this would be a great taste of reality for those perusing that career path. Yes it's open source (free). Just an idea.
@kukuxumusu82
Dude, you're the best! As a hardcore dev of over 15 years who ended up moving into business / tech strategy role and then returning to hands-on tech both as a fun hobby as well to fulfill a practical need to remain current with the detail to be effective in my job, your videos and topic range tick all the boxes. You've mastered the art of both providing sufficient depth and explanation at speed so as not frustrate viewers like me that often eyeroll at videos speaking at the "noob" level, while also being equally helpful to those learning for the first time that are noobs. Love the content, depth, pace, and wide range of topics. Keep it up, if you don't have one already, NUMBER ONE FAN, RIGHT HERE!!
@Angelizius
Hell yes, you did it! :P I started with Wazuh two years ago and implemented it in my business. Currently, I'm using the default Wazuh ruleset, and I've written around 200,000 rules, I guess. But anyway, getting alerts is a nice-to-have, and not logging everything is the best you can do. However, the almighty kill feature is the FIM Module and the active response. The Active Response will handle the firewall drop and block brute force attempts by itself. I configured the FIM module on a folder, let's say /root/fim_auto_ansible, and there is a cronjob that downloads the new version of auditd/rules.d daily. The FIM will only trigger the alert when the File-SHA is different. With a local_rule, you can trigger an ansible-playbook command that copies the new rule.d file to all servers and shows you the changes on the Wazuh dashboard in the alert log. I enjoy experimenting with some exciting configurations and rebuilding some stuff. I use OpenSearch to send the logs from the Wazuh-manager, first with Fluent-bit to Graylog in a JSON format. If you are using Wazuh with different tools and operating systems, you need to normalize the fields from a log to get better and faster searches. But this is really a deep dive into it. Keep up the great work!
@hule8899
Just a hint, instead of manually changing configuration on each host, its better to use shared configuration in the admin console. You can make groups out of agents and apply taht shared config to specific groups. Much easier to do it once than changing for example 200 config files or making script for AD to copy that config file.
@nunomoreira4678
Security Engineer here, great content on this video. I've been working with wazuh for quite some time now, and it's amazing how you can create your own rules, decoders, and custom integrations. Wazuh is a beast once you dedicate the time
@jonathanspangler1
Hey Chuck, I know chances of you reading this are pretty slim. However, I wanted to stop by and pay my respects. Because of you and your videos I was able to pull myself of a very dark place. After long hours and hard work, I passed the security + today. Thank you for the videos.
@TravisHershberger
If you're only monitoring a small number of client systems, the $5/month Linode should work just fine. However, you have to create and mount additional swap space (swapfile in this case is easiest). Obviously not recommended for a production environment, but works fine for a home lab.
@SonOfJoy
Everytime you say Wazuh, it makes me think about that term "WAAAAAZUP!!" I'm currently attending a Cyber Security School and I just went through a module that taught about this application. Thanks for setting it up Chuck. Knowledge can't be used unless its applied to a real world scenario.
@zathrasjr
Thank you Chuck! I work for a security company that sells a SIEM product, but my access is very limited, and information is not shared (security people tend to be tight lipped). With Wazuh I can finally try out these concepts without limitations, and learn the terminology so that I'm speaking the same language as the engineers I work with. Wazah will be going on a spare NUC this weekend, so thanks for giving me something to do this weekend!
@wolverine3030
As a cybersecurity content creator, it's essential to emphasize the significance of free and open-source solutions, while also raising awareness about the potential risks they may pose to your data and network security if not managed properly.
@Synclon
Chuck look like my Grandpa wearing those glasses 😂
@brennonoverton8277
Oh my gosh. I didn't realize this existed. I have been fighting with the self hosted ELK stack and standalone OSSEC agent for literally months and did not realize that is what this is, all packaged for me.
@ayseertas3434
Hey Metaspyclub what an amazing work this has been and with all the crazy detection that you guys make possible. You guys take hacking to a whole new level and get the job done ASAP!!! I'm wondering what are all your personal qualifications?I don't think that it was ever mentioned before.
@KenSherman
I wazuh going to say nothing at first but the enthusiasm @20:12 was so palpable. 😆😂
@AndrewSelkirkEh
Senior dev lead for one of the Gartner SIEM vendor's here for the past 25 years. We always pronounced it "SIM" internally, but ya, it is also called "SEEM" in the industry.
@santiago.bassett