Using Wazuh for SIEM and vulnerability assessment

From Define Wiki
Revision as of 15:42, 9 March 2023 by David


Install Wazuh

curl -sO https://packages.wazuh.com/4.3/wazuh-install.sh && sudo bash ./wazuh-install.sh -a


Install Agents

  • Log into portal
  • Add agents
  • In this environment, the following commands are provided to install the agent (the agent is added to the default group and communicates back with the Wazuh master service):
curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb && sudo WAZUH_MANAGER='192.168.11.132' WAZUH_AGENT_GROUP='default' dpkg -i ./wazuh-agent-4.3.10.deb

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
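
A post-install check for the agent steps above, added here as an example (not part of the original wiki page and not Wazuh's own tooling): it confirms that the manager address in the agent configuration matches the WAZUH_MANAGER value used at install time and that the agent reports a connected state. The paths /var/ossec/etc/ossec.conf and /var/ossec/var/run/wazuh-agentd.state are the standard agent locations and are assumptions here, as are the function names and the constructed sample files.

```shell
#!/usr/bin/env bash
# Added example: verify a Wazuh agent after installation.
# Default paths are the standard agent locations (assumed, not given on the page).
CONF_DEFAULT=/var/ossec/etc/ossec.conf
STATE_DEFAULT=/var/ossec/var/run/wazuh-agentd.state

# Print the first <address> found inside the <client> block of ossec.conf.
manager_address() {
    sed -n '/<client>/,/<\/client>/s:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Print the value of the status='...' line in wazuh-agentd.state.
agent_status() {
    sed -n "s/^status='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# check_agent EXPECTED_MANAGER [CONF] [STATE]; returns 0 only if both checks pass.
check_agent() {
    local expected="$1" conf="${2:-$CONF_DEFAULT}" state="${3:-$STATE_DEFAULT}"
    local addr status rc=0
    addr=$(manager_address "$conf")
    status=$(agent_status "$state")
    if [ "$addr" != "$expected" ]; then
        echo "FAIL manager address is '${addr}', expected '${expected}'"; rc=1
    fi
    if [ "$status" != "connected" ]; then
        echo "FAIL agent status is '${status:-unknown}', expected 'connected'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK agent reports to ${addr} and is connected"
    return "$rc"
}

# Constructed sample files so the check can be exercised offline.
make_samples() {
    local dir="$1"
    printf '%s\n' '<ossec_config>' '  <client>' '    <server>' \
        '      <address>192.168.11.132</address>' '      <port>1514</port>' \
        '    </server>' '  </client>' '</ossec_config>' > "$dir/ossec.conf"
    printf '%s\n' "# State file for wazuh-agentd" "status='connected'" > "$dir/good.state"
    printf '%s\n' "# State file for wazuh-agentd" "status='pending'" > "$dir/bad.state"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_agent 192.168.11.132 "$demo_dir/ossec.conf" "$demo_dir/good.state"
check_agent 192.168.11.132 "$demo_dir/ossec.conf" "$demo_dir/bad.state" || true
```

On an installed agent, call check_agent 192.168.11.132 as root with no further arguments so that it reads the default paths.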