Full Wazuh Install – The SOCFortress Way
“Taylor Walton”
Join me as we install the latest version of Wazuh (4.4)! Deploy your own SIEM solution today!
Hi Taylor, thanks for the great vids!! Since you don't use Wazuh manager to ingest the firewall logs but Graylog, is there a way to get some alerts or Shuffle triggered on certain firewall log events?
Hey @taylorwalton_socfortress @Taylor Walton
What's your opinion on CrowdSec? Do you use it?
Nice work. I was struggling myself for three days trying to get it to work with Graylog 4.x, thinking that Elasticsearch was the problem LoL. Thanks for the update 🙂
You've built some automations and a lot of cool stuff. I'd be interested in a demo video that just showcases all these in one sitting as if we were the SOC analysts at the console and to see some cases being worked from start to finish. No explanations of the back end or anything but just full on start to finish of case work in a real world scenario. That would be awesome to see it in action at the higher level.
Mentioning the fact that you have to alter the information in your 'custom' config.yml under the [req_domain_name] from your information to the default or our own would likely save people some headache. You should probably fix that link, since it kinda defeats the purpose of trying to help save time. Otherwise, great info!
Hi Taylor, excellent stuff always!! Please, are you able to share a Docker setup for the latest Wazuh with Graylog?
I'm facing this problem after completing 12:35 min from your video "Wazuh dashboard server is not ready yet" 😭😭
Hey Taylor. Awesome videos.
By the way, I'm new to Wazuh and I don't know if ELK is not used anymore and is now replaced with Wazuh indexer, or if ELK is also used with Wazuh in other kinds of environments. I'd appreciate it if you or anyone here can help with this.
Hey Taylor, awesome work. I was wondering if you could upload a video where we can integrate Wazuh with DFIR-IRIS via Shuffle. Relatively same as Wazuh+Shuffle+TheHive+Cortex.
The sound is bad 🙁
FINALLY.
After 7 times trying I finally got this up. For those using Proxmox, make sure you run privileged containers on LXC and Debian 11. Debian12 does not have a binary for Deb12 yet.
I'm still having an issue with Proxmox rewriting my hosts file upon each restart. Looking forward to that API!
I would like to say maybe you should cover some troubleshooting steps, as not everyone will get through without errors. You're assuming it will just go smoothly.
On a fresh Ubuntu VPS, fresh install using Docker, when trying to add a new agent, I fill in all the data and run the commands on the machines where agents are supposed to run, and nothing happens. If I press the refresh button it clears all options; if I go back to agents the list is empty.
On agent machine I get this in the logs:
wazuh-agentd: ERROR: (1208): Unable to connect to enrollment service at '[ip-address]:1515'
What terminal emulator program are you using?
Is it possible to connect an already running Wazuh-Indexer (installed with installation scripts) with Graylog?
Excellent video, you helped me solve every issue that I had connecting Graylog with Wazuh-Indexer. Great content, man.
Just my personal input, but when I go to watch a video that has possibly good info but the audio of the video is not good, I skip to another one with better audio.
reverb city yo
Tried this multiple times, but sadly I get a connection error with the Wazuh dashboard. Seems it can't connect to OpenSearch, so when logging into the web interface I get the message "Wazuh dashboard server is not ready yet". 😢
Can you show us how to forward Cisco router logs to Wazuh in another video?
Thank you for this video.