...address CCS Wazuh dashboard ccs-wazuh-dashboard 192.168.186.60 Wazuh indexer ccs-wazuh-indexer-1 Cluster A Wazuh server ca-wazuh-server-1 192.168.10.100 Wazuh indexer ca-wazuh-indexer-1 192.168.10.101 Cluster B Wazuh server cb-wazuh-server-1 192.168.20.100 Wazuh indexer cb-wazuh-indexer-1 192.168.20.101 Ensure...
...# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH # echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo 3. Install the Wazuh indexer package: # yum -y install wazuh-indexer 4. Edit the /etc/wazuh-indexer/opensearch.yml configuration file...
...connections. Start the Wazuh manager service on the wazuh-2 worker node: # systemctl start wazuh-manager Wazuh dashboard After the Wazuh manager service is restarted on the wazuh-2 Wazuh worker node,...
...1. Add the Wazuh repository to download the official packages: # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg # echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable...
...services for Node Port services: git clone https://github.com/wazuh/wazuh-kubernetes.git curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/nginx-svc.yaml -o wazuh-kubernetes/elastic_stack/kibana/nginx-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-master-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-master-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-workers-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-workers-svc.yaml Step 2: Kubernetes deployment Once we have the Kubernetes templates...
...file and upload it to the wazuh-aws-security-lake-events S3 bucket. a. Create a sample file with the name 20240422_ls.s3.2f062956-5a30-4c2a-b693-a0f5d878294c.2024-04-22T14.20.part39.txt in the /tmp directory. {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:20:46.976+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80791","description":"Audit: Command: /usr/sbin/crond"},"location":"","agent":{"id":"004","ip":"47.204.15.21","name":"Ubuntu"},"data":{"audit":{"type":"NORMAL","file":{"name":"/etc/sample/file"},"success":"yes","command":"cron","exe":"/usr/sbin/crond","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:20:46.976Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:03.034+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80790","description":"Audit: Command: /usr/sbin/bash"},"location":"","agent":{"id":"007","ip":"24.273.97.14","name":"Debian"},"data":{"audit":{"type":"PATH","file":{"name":"/bin/bash"},"success":"yes","command":"bash","exe":"/usr/sbin/bash","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:22:03.034Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:08.087+0000","rule":{"id":"1740","mail":false,"description":"Sample alert...
...src: /tmp/wazuh-agent-4.7.0-1.msi dest: C:\Users\ansible\AppData\Local\Temp\ mode: '0774' - name: "2 - Deploy the Wazuh agent on the Windows endpoint" win_package: path: C:\Users\ansible\AppData\Local\Temp\wazuh-agent-4.7.0-1.msi product_id: Wazuh-4.7.0 arguments: '/q WAZUH_MANAGER={{wazuh_server}} WAZUH_AGENT_NAME="Windows-11"' state: present -...
...virtual machine. This endpoint hosts the Wazuh central components (Wazuh server, Wazuh indexer, and Wazuh dashboard). 2. Windows 11 endpoint with Wazuh agent 4.7.2 installed and enrolled to the Wazuh...
...A pre-built, ready-to-use Wazuh OVA 4.7.3 which includes the Wazuh core components (Wazuh server, Wazuh indexer, and Wazuh dashboard). Follow the virtual machine (OVA) – installation alternatives to download and...
...and Wazuh dashboard). 2. Ubuntu 22.04 endpoint with Wazuh agent installed and enrolled to the Wazuh server. A Wazuh agent can be installed by following the deploying Wazuh agents on...
...permissions of the files: # chown -R wazuh-dashboard:wazuh-dashboard /usr/share/wazuh-dashboard/plugins/anomalyDetectionDashboards/ # chmod -R 750 /usr/share/wazuh-dashboard/plugins/anomalyDetectionDashboards/ 5. Restart the Wazuh dashboard for the changes to take effect: # systemctl restart wazuh-dashboard 6....
...ADDRESS: <WAZUH_SERVER_IP_ADDRESS> Replace the <WAZUH_SERVER_IP_ADDRESS> variable with the IP address of your Wazuh server. AUTHD_SERVER: <WAZUH_SERVER_IP_ADDRESS> Repace the <WAZUH_SERVER_IP_ADDRESS> variable with the IP address of your Wazuh server. PROTOCOL: TCP...
Please make sure that all words are spelled correctly.