Lab 3.2 Wazuh
You've seen what a centralized syslog server can do in terms of receiving and organizing log files from across the enterprise. In this lab, we are going to experiment with a far more modern logging system called Wazuh. Wazuh is one of several ELK-based SIEMs. We are using this one because of its relative ease of installation as well as its functionality. Unlike a traditional syslog client and server, Wazuh allows us to install agents on supported systems. Agents can refine the information sent to the SIEM for streamlined analysis.
List out any commands that were used or found to be helpful during the process.
curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Downloads the Wazuh 4.3 installation assistant and runs it; the -a flag performs the all-in-one install (manager, indexer and dashboard on a single host).
Document any notes that were taken while working on the assignment.
- Install and show Wazuh running
- Register web01 to be an agent running on Wazuh
- Show an invalid user login being flagged in the Security events
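The "invalid user login" event in the last step is raised from sshd lines in /var/log/auth.log that the agent forwards to the manager. The following is an added example (not part of this lab and not Wazuh's own code) that reproduces the two stages of that detection over a few constructed auth.log lines: matching each single `Invalid user` line, then correlating repeats per source address into a brute-force style alert. The sample log lines, hostnames and the threshold of 3 are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample of sshd lines in the syslog format Wazuh reads from /var/log/auth.log.
# Three non-existent-user attempts come from 203.0.113.7, one from 198.51.100.9,
# plus an unrelated successful key login that must not be flagged.
SAMPLE_AUTH_LOG = """\
Mar  3 10:14:01 web01 sshd[2311]: Invalid user admin from 203.0.113.7 port 51234
Mar  3 10:14:01 web01 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:14:05 web01 sshd[2315]: Invalid user oracle from 203.0.113.7 port 51240
Mar  3 10:14:09 web01 sshd[2319]: Invalid user test from 203.0.113.7 port 51244
Mar  3 10:15:30 web01 sshd[2330]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
Mar  3 10:16:02 web01 sshd[2340]: Invalid user guest from 198.51.100.9 port 33010
"""

# sshd's message when the requested username does not exist on the host.
# The later "Failed password for invalid user ..." line describes the same attempt
# and is deliberately not matched, so each attempt is counted once.
INVALID_USER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Invalid user (?P<user>\S+) from (?P<src>[\d.]+) port (?P<port>\d+)"
)


def parse_invalid_logins(text):
    """Stage 1: return one event dict per 'Invalid user' line (the per-line match a SIEM rule fires on)."""
    events = []
    for line in text.splitlines():
        m = INVALID_USER_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def correlate(events, threshold=3):
    """Stage 2: group events by source address and return the sources that reached the threshold,
    the way a correlation rule escalates repeated non-existent-user attempts into one higher alert."""
    by_src = Counter(e["src"] for e in events)
    return {src: n for src, n in by_src.items() if n >= threshold}


def describe(events, threshold=3):
    """Render the events the way an analyst would read them in the Security events view."""
    lines = [f"{e['ts']} {e['host']}: non-existent user '{e['user']}' from {e['src']}" for e in events]
    for src, n in correlate(events, threshold).items():
        lines.append(f"ALERT: {n} non-existent-user attempts from {src} (threshold {threshold})")
    return lines


if __name__ == "__main__":
    for line in describe(parse_invalid_logins(SAMPLE_AUTH_LOG)):
        print(line)
```

Run against a real auth.log by replacing `SAMPLE_AUTH_LOG` with the file contents; the per-line stage is what produces the single "invalid user" entries seen in the dashboard, and the correlation stage is why a few attempts from one address show up as a separate, higher-severity event.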
Include any additional notes or observations made while working on the assignment.
N/A
**List out any issues that were encountered while working on the assignment.**
N/A
If any issues were solved, list out the resolutions for each problem.
N/A
List out any questions that arose while working on the assignment.
N/A