Difference between revisions of "Using Wazuh for SIEM and vulnerability assessment"

Revision as of 14:57, 22 March 2023

Install Wazuh

curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

Install Agents

Log into portal
Add agents
In this environment is provided the following commands to install the agent (which gets added to the default group and communicates back with the wazuh master service)

curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb && sudo WAZUH_MANAGER='192.168.11.132' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.3.10.deb

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Edit the configuration

# if you need to do on a client node (defaults should be good however)
vi /var/ossec/etc/ossec.conf
service wazuh-agent restart

Enable the vulnerability detection

On the Admin UI

Management -> Configuration -> Edit Configuration
Set vulnerability-detector to yes

  <vulnerability-detector>
    <enabled>yes</enabled>
    <interval>5m</interval>
    <min_full_scan_interval>6h</min_full_scan_interval>
    <run_on_start>yes</run_on_start>

Difference between revisions of "Using Wazuh for SIEM and vulnerability assessment"

Revision as of 14:57, 22 March 2023

Contents

Install Wazuh

Install Agents

Edit the configuration

Enable the vulnerability detection

Navigation menu

Search