Episode Details

Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck.

This one-liner will literally get Wazuh installed in about 5 minutes:

curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a 

P.S. if you accidentally close your command window before writing down the admin password (like I did), you can use this command to retrieve it:

sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt 

Once Wazuh is installed, I recommend going to Management > Configuration > Edit Configuration, look for a section that starts with  and change no to yes.

Also, before you start deploying agents, I recommend making some groups for them, which I believe has to be done at the command line:

/var/ossec/bin/agent_groups -a -g windows-boxes -q /var/ossec/bin/agent_groups -a -g linux -q 

From there you should be ready to start rockin' some agent installs. Have fun!