this Cybersecurity Platform is FREE
Vložit
- čas přidán 30. 10. 2023
- jh.live/wazuh || Try Wazuh completely for free, and protect your environments with an open-source SIEM and XDR platform easily accessible on-premise! jh.live/wazuh
PS, I'll be presenting for the CloudSec 360 webinar with Wiz on the MOVEit Transfer exploitation -- tune in on November 8th! jh.live/wiz360
Free Cybersecurity Education and Ethical Hacking with John Hammond
📧 JOIN MY NEWSLETTER ➡ jh.live/email
🙏 SUPPORT THE CHANNEL ➡ jh.live/patreon
🤝 SPONSOR THE CHANNEL ➡ jh.live/sponsor
🌎 FOLLOW ME EVERYWHERE ➡ jh.live/twitter ↔ jh.live/linkedin ↔ jh.live/discord ↔ jh.live/instagram ↔ jh.live/tiktok
💥 SEND ME MALWARE ➡ jh.live/malware
🔥 CZcams ALGORITHM ➡ Like, Comment, & Subscribe!
The presentation is excellent, giving real examples, not like the vast majority of CZcamsrs who say what is theoretical and that's it.
It would be great if you could make a series of videos on wazuh, setups, examples, case studies, etc.
Again, brilliant, and thanks for sharing, total genius.
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed. I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the the installation. That generated archive, well, it isn't generated.
Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope. the quick insatll script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure.
Found a manual for manual (offline) installing the software, but is is very involved. That method took also a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@@geroldmanders9742 these software ARE convoluted.
Still, the necessity of lurking into dozen of configuration scripts is the problem.
You know, they are aimed to system admins, well, but the home-labbers or technicians who want to replicare some high level systems with their customers, need the knowledge of large-scale business, but are on their own.
Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about.
You yourself faced with the installation issue.
I cannot declare it is the norm, but sometimes it is frequent.
Take me, I'm in the 50ish, and notbeing a digital born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into digital world, but for me and few other colleagues who participate into this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to splash your face to is the issue prone systems that those software lead.
I also face frequently with VM problems, so putting a test bench on, is a matter of build physical hardware that has costs, and consumes time.
@@geroldmanders9742 Did you check /var/log/wazuh-install.log? What did that say?
Few years in to cybercsecurity and you have opened up my world by this practical application. I understood your vocabulary which was super motivating. Thanks keep the videos coming.
I'm actually amazed at the amount of tools and services Wazuh can provide. Also, thank you Josh, that was very well presented.
Security practitioner/professional here.. this walkthrough is excellent, and this can easily be done in small business env's as well as in a individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers, this can be done on a Rasberry Pi.
I gree and am very hopeful, but time is the problem...
I think one can't spend all day long working on computers and in the free time doing the same.
Until wazuh gets a bigger user base then they will screw everyone over like nessus and rapid7. ill bet money on it.
@@xelerated yeah honestly it's a great platform, offering siem, and threat hunting Capabilities.
This is incredible. Thanks so much for making me aware of this and doing a deep dive. I can't wait to set this up in my lab. Appreciate you.
*gives a round of applause*
I have to thank you because every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating hat all of those weren’t in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to ‘big brother’ listening in on all of our devices, lol.
The Seth Rogen of Cyber Security.
Fact!
Bruh I thought I was the only one , even his laugh
I been like who does John remind of and that is exactly it man
This is incredible
💀
Yes please more tutorial video with Wazuh. And thank you so much for sharing your knowledge with Wazuh. Love your work
Thanks for doing this video. Also, thanks for talking at us like this. Makes it all seem more genuine and really drives the point home!
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly. Especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
Love it John! Keep it up! I am setting up Wazuh along with you.👍
We have been using this for sometime, it’s excellent!!
Thanks for that. It's a really awesome tool i've installed at work to monitor our network couple of months ago. Only big issue at the beginning was the CIS benchmark for ubuntu 22.04 but once you fix the typos and the regex it works A1. Next step for me is to build the Dashboard in OpenSearch
Fantastic video John, great to see Wazuh getting the exposure it deserves!
I've known about Wazuh for a while, however, a lot of people may not and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
Wazuh is great. i use it as part of a larger security offering.
You killed this video!!! Got me interested in so many things all at once. Thank you brother!
Just awesome is Wazuh, and so are you, bro. You make this seem so simple and explain it very nicely. Thanks a lot...
Honestly this kind SIEM deployment and testing is one of my favorite's topics. Thanks @JohnHammond
Talk about timing. I just reinstalled mine after a Linux Upgrade bricked the dashboard. As always, thanks for the clairvoyant topic post.
@JohnHammond I'm glad you're able to do all these cool videos that feature various tools, but I miss the days of solving CTF's in the long form format
wach kho cv
Money talks. Long format brings only enthusiastic people together while the other format is more click-baity.
Best video to date, and that's saying something! Really awesome!!
I subbed. Great vid! Gonna set it up on my raspi 4b 👍
Also love the all black background, ...Very easy on the eyes, especially on my iPad.
Fantastic video on a complex subject. Detailed enough without going down a rabbit hole of confusion. :)
Kudos to you. You made look so simple. Your virtual boxes are running faster.
Thanks so much, first video I watched by you and complete whole thing, I really love the incident response aspect of Wazuh.
100% agree with all the folks who want to see the series of instructional videos. great topic.
Great video! Please create a series about this tool! It will help us a lot!
I just added this to my home network this week. It's awesome.
I love your enthusiasm. Subscribed!
Man wazuh looks amazing :D I am thinking about to use it in my soho and install the agents on all of machines of my family and secure them :D
Thanks for the vid!
Instant like and suscribe.
However there is a pb at 27:50 : before deleting the file [Which in effects just unlink the file, ie deletes the directory entry helping to point the actual file : if that file is still running or opened, it would still be present and active!] it should instead do first : sudo lsof -Pn and try to see if that exact file (matching the inode!!, 8th field in the lsof -Pn and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure to not kill the script itself of course ^^.
Just completed this room on THM and was awesome.
Nice deeper dive. One thing that would be great to see is vulnerability auto remediation.
Agreed. This would be my use case scenario.
@@MicrosoftieI mean I'm sure you can do it just by kicking of a script or even a command remotely that does something like simple like apt-get update and boom its done. Windows even has it's own tool which you can run from cli to force it to download and install updates. Would just be nice to see that as an option builtin. I think that would make this virtually the ultimate free SIEM.
Fantastic stuff and very insightful, and thanks for sharing. Looking forward for more OpenSource tools for home and enterprise.
💯
It is an amazing thing :) thanks for sharing it with us I am very excited to see more showcases videos about Wazuh from you.
Ooh this sounds amazing. I am sharing with my team
Seems like they have finally morphed OSSEC+Elastic into a nice opensource solution as I had lookedat this many years ago.
I'd like to see videos on feeding network device logs into the Wazuh.
And also address how to handle retention of logs and events.
Great video! I would love to see more on this. Maybe IDS and unauthorized processes?
There is a Proof of Concept, POC guide on their website, very helpful.
This video probably saved an organization from getting hacked. Thanks!
Will deploy this in my company. Learned lot of things
That was amazing. Looking forward to the next part
Thank you for the reminder about this. chuck made a video on this and I tried to set it up and failed. But your video it helped and I got it set up
Yes, it's incredible 😍😍. Thanks for sharing 😊😊
Thanks. Watching it again and doing the install on my Ubuntu VM running on Proxmox.
CIS Benchmark is something outstanding in this wazuh setup all other things are similar to other EDR solutions.
Cool video, you covered the main things and you concentrated to the essential part and not to do show like other videos. So thanks for this.
Hey John Go to 0:17 in the video. what's that behind you? I'm just hoping your aware of it, and I didn't just convince myself there's ghosts. I need to get better sleep lol
Your the man J.H.!!!
Appreciate all of your efforts in sharing all you do!!!
I cant thank you enough for what I've learned from you it helped spark the interest of everything I've learned in the past couple years, appreciate the depth and clarity in your content.
Thanks again John
Josh...
I've been managing Wazuh for 2 years now. ama ❤
Hi John, thanks a lot for sharing with us your knowledge! Please made more videos about wazuh! Cheers
Always the best videos!🔥
Loved it. Please do more about this!
Perfect timing for this video. Thanks!
This is GOLD. Thank you John.
This is like 90% above my head, but it was very interesting. Thanks for sharing
If you're recreating this using VMs in virtualbox, make sure to add a host-only network adapter in addition to the default NAT adapter so your manager and agents can use the same IP address.
Very informative video, thank you so much! I'd definitely tune in to future videos about wazuh. In the meantime, I'm going to play around with executing python scripts from the active-response command.
This is not needed. only the wazuh host/server/node needs a fixed ip.
@@pehdenthank you for the correction. For some reason, I was only able to get it to work after doing this. To be fair, I’m new to this space and should’ve mentioned that in my original comment. Thanks again!
@@festivusfortherestivus the agents connect to the host, unlike a decentralized system.
Thanks a lot for this great demonstration. Gonna try everything showed
More Wash videos please! This was great content!
Good job, I've always been a big fan 👍
HAHAHA...I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not for the life of me, get the Agent to connect to the Manager. I'm going to take a break and come back to it. Thank you John for the information.
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent').
That's why I force-name mine to "linux" in the video 😅
@@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames but I found out that my two VM's (Linux) had the same IP Address.
@@_JohnHammond So I got it to work finally. I had to change my network adapter on the Server/Manager to Bridge, and it connected to my Agent. I am assuming that cloning the VM copied the IP Config also.
I hope you do make some more wazuh videos! I just started using it at home and really like it. There's a lot to dig into!
blew my mind, too! this is way cool! thanks John!
Awesome. Thanks for the presentation. i think i´ve seen the light!!!
Waiting next video about wazuh…. Make our homelabs secure!
Awesome job John, Thank you.
Great work, excellent video!
Such a great demonstration. 😎
This is awesome John!!
your energy is awesome!!
this is amazing....you are amaziing....thank you!!!
Been using this for quite a long time, and this becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was re-deployed 😂
Thanks I think I was just thinking about doing something like this minus the kubernetes
What is going to be your resolution for resolving this?
@@Microsoftie for automatically deployed to every node, using a daemonset or statefulset, to prevent duplicate agent, mount the wazuh agent key to the host to prevent regenerating key when redeploy the pod, so the master will recognize as existing agent instead of a new one
@@xanzutdo we have this solution documented anywhere ?
@@amjads8971 I don't find any documentation about this case, even in wazuh documentation only mention monitoring docker via docker socks
Thanks for this video - helped me a lot. I, however ran into a bit of an issue with the windows agent. For some reasons, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the windows agent. Thanks buddy. I appreciate.
This is so cool. I have a mini PC that I installed this on and will run it as my SIEM server.
i love your positivity :)
Hi John. Thanks for the introduction. Nevertheless, could you please make a video in which you explain how we can monitor the outbound and inbound traffic for an agent? I want to be able to see the IP addresses, the URLs that an agent is checking and so on. Thank you.
Great video. Thanks John.
You made reference to Yara rule support but I couldn’t find that in your video. Does Wazah have support for Yara or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
Thank You Sir , much appreciated . Great content
thank you john for your efforts.
please can you do more video's about wazuh
Well done video! Solid share. Thank you
oh John Oh John....You are simply amazing. Great work
Great video. Thank you!
Great tutorial. Inspired me to test drive!
great video John, we appreciate you, please could you take a time and do a video series on wazuh for home networks, and one think that i have not seen yet is wazuh agents for android & iOs devices
Great video, please post more with this product.
Man thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like your showcased today. One question, is there a way to configure a single wazuh agent that can be applied to all endpoints?
Yes, you can modify the default agent ossec.conf on the server and it will deploy it to the agents when they are enrolled.
Great video. Thank you. I'm curious how relevant this software is today (in comparison to other products on the market)? Thanks again, and keep on doing what you're doing.
Just awsome , good job 👌
10/10
Intend on doing as a project for my cyber security resume.
Wonderful demo of Wazuh
Very informational. World record for use of the superfluous Americanism "go ahead" in one video.
Excellent - Thank you veeeeeeeeeeeeery much for sharing.
this is awesome thanks for sharing!
great video, such a cool and useful tool/service
You are awesome man!
DO IT!! I was playing with this for a little bit and got stuck on the alerts. I was thinking of doing something cool like creating a discord chat for alerts. Make my life easier please!!
Great Video! Thanks
I had a little laugh at this when watching. Great video. However when you said most of our servers are Linux I went, "oh, are they?" I have been working n the small business sector in Australia for 40 odd years and I think I could still count the amount of production servers I've seen running Linux on one hand, (ok maybe that's an exaggeration, but you get the point). This seems like an awesome platform. Currently I Google how to do stuff on Linux cos I don't use it enough to remember things. However, it seems I am going to have to finally bite the bullet and learn how to set up and manage a Linux VM on my Hyper-V server ...😑
This is great presentasion!
wow, this is like having a master chief suit
This man never disappoints with his details💯💯💯