...address CCS Wazuh dashboard ccs-wazuh-dashboard 192.168.186.60 Wazuh indexer ccs-wazuh-indexer-1 Cluster A Wazuh server ca-wazuh-server-1 192.168.10.100 Wazuh indexer ca-wazuh-indexer-1 192.168.10.101 Cluster B Wazuh server cb-wazuh-server-1 192.168.20.100 Wazuh indexer cb-wazuh-indexer-1 192.168.20.101 Ensure...
...# rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH # echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo 3. Install the Wazuh indexer package: # yum -y install wazuh-indexer 4. Edit the /etc/wazuh-indexer/opensearch.yml configuration file...
...connections. Start the Wazuh manager service on the wazuh-2 worker node: # systemctl start wazuh-manager Wazuh dashboard After the Wazuh manager service is restarted on the wazuh-2 Wazuh worker node,...
...1. Add the Wazuh repository to download the official packages: # curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg # echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable...
...services for Node Port services: git clone https://github.com/wazuh/wazuh-kubernetes.git curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/nginx-svc.yaml -o wazuh-kubernetes/elastic_stack/kibana/nginx-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-master-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-master-svc.yaml curl https://wazuh.com/resources/blog/wazuh-cluster-on-eks/wazuh-workers-svc.yaml -o wazuh-kubernetes/wazuh_managers/wazuh-workers-svc.yaml Step 2: Kubernetes deployment Once we have the Kubernetes templates...
...file and upload it to the wazuh-aws-security-lake-events S3 bucket. a. Create a sample file with the name 20240422_ls.s3.2f062956-5a30-4c2a-b693-a0f5d878294c.2024-04-22T14.20.part39.txt in the /tmp directory. {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:20:46.976+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80791","description":"Audit: Command: /usr/sbin/crond"},"location":"","agent":{"id":"004","ip":"47.204.15.21","name":"Ubuntu"},"data":{"audit":{"type":"NORMAL","file":{"name":"/etc/sample/file"},"success":"yes","command":"cron","exe":"/usr/sbin/crond","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:20:46.976Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:03.034+0000","rule":{"mail":false,"gdpr":["IV_30.1.g"],"groups":["audit","audit_command"],"level":3,"firedtimes":1,"id":"80790","description":"Audit: Command: /usr/sbin/bash"},"location":"","agent":{"id":"007","ip":"24.273.97.14","name":"Debian"},"data":{"audit":{"type":"PATH","file":{"name":"/bin/bash"},"success":"yes","command":"bash","exe":"/usr/sbin/bash","cwd":"/home/wazuh"}},"predecoder":{},"manager":{"name":"wazuh-manager"},"id":"1580123327.49031","decoder":{},"@version":"1","@timestamp":"2024-04-22T14:22:03.034Z"} {"cluster":{"name":"wazuh-cluster","node":"wazuh-manager"},"timestamp":"2024-04-22T14:22:08.087+0000","rule":{"id":"1740","mail":false,"description":"Sample alert...
...Wazuh agent to execute concurrent tasks, improving performance and efficiency. Agent communication The Wazuh agent communicates with the Wazuh server to transmit collected data and security events. Additionally, the agent...
...<decoder name="Wazuh_Ransomware"> <prematch>Wazuh_Ransomware_Protection:</prematch> </decoder> <decoder name="Wazuh_Ransomware_child"> <parent>Wazuh_Ransomware</parent> <regex type="pcre2">Wazuh_Ransomware_Protection: (.*)</regex> <order>rollback_status</order> </decoder> Custom rules configuration Perform the following step to add a custom rule. 1. Add the following custom rule...
...src: /tmp/wazuh-agent-4.7.0-1.msi dest: C:\Users\ansible\AppData\Local\Temp\ mode: '0774' - name: "2 - Deploy the Wazuh agent on the Windows endpoint" win_package: path: C:\Users\ansible\AppData\Local\Temp\wazuh-agent-4.7.0-1.msi product_id: Wazuh-4.7.0 arguments: '/q WAZUH_MANAGER={{wazuh_server}} WAZUH_AGENT_NAME="Windows-11"' state: present -...
...virtual machine. This endpoint hosts the Wazuh central components (Wazuh server, Wazuh indexer, and Wazuh dashboard). 2. Windows 11 endpoint with Wazuh agent 4.7.2 installed and enrolled to the Wazuh...
...A pre-built, ready-to-use Wazuh OVA 4.7.3 which includes the Wazuh core components (Wazuh server, Wazuh indexer, and Wazuh dashboard). Follow the virtual machine (OVA) – installation alternatives to download and...
...and Wazuh dashboard). 2. Ubuntu 22.04 endpoint with Wazuh agent installed and enrolled to the Wazuh server. A Wazuh agent can be installed by following the deploying Wazuh agents on...
Please make sure that all words are spelled correctly.