All results for 'Wazuh'

Showing 12 of 270 results

Managing multiple Wazuh clusters with Cross-Cluster Search

...address CCS Wazuh dashboard ccs-wazuh-dashboard 192.168.186.60 Wazuh indexer ccs-wazuh-indexer-1 Cluster A Wazuh server ca-wazuh-server-1 192.168.10.100 Wazuh indexer ca-wazuh-indexer-1 192.168.10.101 Cluster B Wazuh server cb-wazuh-server-1 192.168.20.100 Wazuh indexer cb-wazuh-indexer-1 192.168.20.101 Ensure...

Wazuh multi-site implementation

...# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH # echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo 3. Install the Wazuh indexer package: # yum -y install wazuh-indexer 4. Edit the /etc/wazuh-indexer/opensearch.yml configuration file...

Load balancing a Wazuh server cluster using NGINX

...connections. Start the Wazuh manager service on the wazuh-2 worker node: # systemctl start wazuh-manager Wazuh dashboard After the Wazuh manager service is restarted on the wazuh-2 Wazuh worker node,...

Migrating from OSSEC to Wazuh

...1. Add the Wazuh repository to download the official packages: # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg # echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable...

Deploying Wazuh on Kubernetes using AWS EKS

...services for Node Port services: git clone https://github.com/wazuh/wazuh-kubernetes.git curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/nginx-svc.yaml -o wazuh-kubernetes/elastic_stack/kibana/nginx-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-master-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-master-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-workers-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-workers-svc.yaml Step 2: Kubernetes deployment Once we have the Kubernetes templates...

Wazuh integration with Amazon Security Lake as a custom source

...file and upload it to the wazuh-aws-security-lake-events S3 bucket. a. Create a sample file with the name 20240422_ls.s3.2f062956-5a30-4c2a-b693-a0f5d878294c.2024-04-22T14.20.part39.txt in the /tmp directory. {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:20:46.976+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80791","description":"Audit: Command: /usr/sbin/crond"},"location":"","agent":{"id":"004","ip":"47.204.15.21","name":"Ubuntu"},"data":{"audit":{"type":"NORMAL","file":{"name":"/etc/sample/file"},"success":"yes","command":"cron","exe":"/usr/sbin/crond","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:20:46.976Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:03.034+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80790","description":"Audit: Command: /usr/sbin/bash"},"location":"","agent":{"id":"007","ip":"24.273.97.14","name":"Debian"},"data":{"audit":{"type":"PATH","file":{"name":"/bin/bash"},"success":"yes","command":"bash","exe":"/usr/sbin/bash","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:22:03.034Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:08.087+0000","rule":{"id":"1740","mail":false,"description":"Sample alert...

Ransomware protection on Windows with Wazuh

...Wazuh Active Response script: <decoder name="Wazuh_Ransomware"> <prematch>Wazuh_Ransomware_Protection:</prematch> </decoder> <decoder name="Wazuh_Ransomware_child"> <parent>Wazuh_Ransomware</parent> <regex type="pcre2">Wazuh_Ransomware_Protection: (.*)</regex> <order>rollback_status</order> </decoder> Custom rules configuration Perform the following step to add a custom rule. 1. Add...

Configuration management of Wazuh endpoints using Ansible

...src: /tmp/wazuh-agent-4.7.0-1.msi dest: C:\Users\ansible\AppData\Local\Temp\ mode: '0774' - name: "2 - Deploy the Wazuh agent on the Windows endpoint" win_package: path: C:\Users\ansible\AppData\Local\Temp\wazuh-agent-4.7.0-1.msi product_id: Wazuh-4.7.0 arguments: '/q WAZUH_MANAGER={{wazuh_server}} WAZUH_AGENT_NAME="Windows-11"' state: present -...

Wazuh agent groups and centralized configuration

...virtual machine. This endpoint hosts the Wazuh central components (Wazuh server, Wazuh indexer, and Wazuh dashboard). 2. Windows 11 endpoint with Wazuh agent 4.7.2 installed and enrolled to the Wazuh...

Filtering security data with the Wazuh Query Language

...A pre-built, ready-to-use Wazuh OVA 4.7.3 which includes the Wazuh core components (Wazuh server, Wazuh indexer, and Wazuh dashboard). Follow the virtual machine (OVA) – installation alternatives to download and...

Monitoring Linux resource usage with Wazuh

...and Wazuh dashboard). 2. Ubuntu 22.04 endpoint with Wazuh agent installed and enrolled to the Wazuh server. A Wazuh agent can be installed by following the deploying Wazuh agents on...

Enhancing IT security with anomaly detection in Wazuh

...permissions of the files: # chown -R wazuh-dashboard:wazuh-dashboard /usr/share/wazuh-dashboard/plugins/anomalyDetectionDashboards/ # chmod -R 750 /usr/share/wazuh-dashboard/plugins/anomalyDetectionDashboards/ 5. Restart the Wazuh dashboard for the changes to take effect: # systemctl restart wazuh-dashboard 6....
