Setting Up Virus Total With Wazuh For Windows Endpoint

  • Published on 25 Oct 2024

Comments • 22

  • @anthonykendall3969
    @anthonykendall3969 9 months ago +5

    Thank you! This was very helpful in the setup process. I was able to successfully see the delete attempts in Wazuh after modifying the Python script.

    • @ReasonableITService
      @ReasonableITService 7 months ago

      Woo! Glad to hear it. Enjoy Wazuh!

    • @krunalsoni9796
      @krunalsoni9796 5 months ago

      Can you provide us with your edited Python script?

  • @kandikhan-y2b
    @kandikhan-y2b 5 months ago

    I am really thankful to you. I have successfully deployed VirusTotal with Wazuh. Thanks once again.

  • @victorgarcia6661
    @victorgarcia6661 4 months ago +1

    Hey, and to save the step of putting in the user name, you can add a rule to the Windows group, for example
    C:\Users downloads

  • @gbaneousmane935
    @gbaneousmane935 2 months ago +1

    Thanks, very helpful.

  • @johnharrison712
    @johnharrison712 2 months ago

    I would like to see how you would do this for an MSP, like a multi-tenant setup.

  • @papijelly
    @papijelly 8 months ago +3

    Thanks for the info. But can this be set up from the server? What if I had 200 hundred machines?

    • @ReasonableITService
      @ReasonableITService 5 months ago +2

      th-cam.com/video/D4L6BDmV82E/w-d-xo.htmlsi=ro7HJhB8N1XKxYBb

    • @eriknilsen_trainingday
      @eriknilsen_trainingday 2 months ago

      The free version would be using a PowerShell script to automate the deployment of the Wazuh agent across multiple Windows instances.
      You can run this script locally on each system, or you can use the PowerShell remoting "Invoke-Command" system.
      It would log in with admin rights, then have the script invoke a web request to download and install the agent, and start the service.
      Good practice is also running Remove-Item to clean up things after yourself.
      Using deploy tools is only really needed if you want to keep a lot of software updated across a fleet of systems. Otherwise it is highly overkill.
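      As an added example (not the commenter's or the video's script), one way to script the deployment described above: Invoke-Command pushes a scriptblock to each host that downloads the agent MSI, installs it silently, starts the service, and removes the installer. The host names, manager address and agent version are placeholders; it assumes a Wazuh 4.x agent (service name WazuhSvc, MSI property WAZUH_MANAGER) and WinRM reachable with admin rights on the targets.

```powershell
# Added example, not the commenter's script. Placeholders below must be replaced.
$Targets      = @('WS-01', 'WS-02')        # constructed sample host names
$Manager      = '10.0.0.5'                  # placeholder: your Wazuh manager IP/FQDN
$AgentVersion = '4.x.x-1'                   # placeholder: a real agent version string
$MsiUrl       = "https://packages.wazuh.com/4.x/windows/wazuh-agent-$AgentVersion.msi"

$deploy = {
    param($MsiUrl, $Manager)
    $msi = Join-Path $env:TEMP 'wazuh-agent.msi'
    try {
        # Older Windows builds default to TLS 1.0; the package host needs TLS 1.2
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Invoke-WebRequest -Uri $MsiUrl -OutFile $msi -UseBasicParsing

        # Silent install; WAZUH_MANAGER is the property the Wazuh MSI reads (assumed 4.x)
        $msiArgs = "/i `"$msi`" /q WAZUH_MANAGER=`"$Manager`""
        $proc = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
        if ($proc.ExitCode -ne 0) { throw "msiexec exited with code $($proc.ExitCode)" }

        Start-Service -Name 'WazuhSvc'
        $svc = Get-Service -Name 'WazuhSvc'
        [pscustomobject]@{ Host = $env:COMPUTERNAME; Status = $svc.Status; Error = $null }
    }
    catch {
        # Report the failure per host instead of aborting the whole rollout
        [pscustomobject]@{ Host = $env:COMPUTERNAME; Status = 'Failed'; Error = $_.Exception.Message }
    }
    finally {
        # Clean up the downloaded installer, as the comment recommends
        Remove-Item -Path $msi -Force -ErrorAction SilentlyContinue
    }
}

# Run against every target; results come back as objects you can review or export
$results = Invoke-Command -ComputerName $Targets -ScriptBlock $deploy -ArgumentList $MsiUrl, $Manager
$results | Format-Table Host, Status, Error -AutoSize
```

      The per-host result objects give you the deployment status overview that the thread below notes is otherwise hard to get from a plain script.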

    • @ReasonableITService
      @ReasonableITService a month ago +1

      @@eriknilsen_trainingday Yes and no. PDQ Deploy offers a completely free version that can easily be used to deploy custom scripts. Plus, it provides a convenient deployment progress status in the UI, something you'd struggle to replicate in a PowerShell script, especially if you're not well-versed in PowerShell. PDQ Deploy isn't overkill; in fact, it's incredibly user-friendly and can handle a lot of the heavy lifting for you, especially if scripting isn't your strong suit. It's also worth noting that not everyone is comfortable with PowerShell. Getting PowerShell to work smoothly across a domain environment, especially with even basic security controls in place, can be an uphill battle due to issues like language mode, execution policy, etc.

    • @eriknilsen_trainingday
      @eriknilsen_trainingday a month ago

      @@ReasonableITService Just looked through the free tier again, and you're right, it should do what you need in this instance. Might be a lot easier if you're not well versed in maintenance of the environment, yes.

  • @anaselhabchi8064
    @anaselhabchi8064 5 months ago +1

    Hi, thanks for this amazing video. I followed all the steps but I see no alert or delete attempt in Wazuh.

    • @anaselhabchi8064
      @anaselhabchi8064 5 months ago

      2024/05/12 18:59:07 wazuh-integratord: ERROR: Unable to run integration for -> integrations
      2024/05/12 18:59:07 wazuh-integratord: ERROR: While running virustotal -> in. Output: exception
      2024/05/12 18:59:07 wazuh-integratord: ERROR: Exit status was: 4

  • @explorerreviews5675
    @explorerreviews5675 7 months ago +1

    Question: when I already have a Windows machine connected to the internet and able to download a free antivirus, which covers all folders and memory from viruses, then why do I need this, which only covers the Downloads folder?

    • @ReasonableITService
      @ReasonableITService 7 months ago

      That's a good question, and the short answer is, you don't. As a matter of fact, Windows has been coming with a built-in antivirus since about Windows 8. BUT, the point is, a tool like this can grant you all kinds of further granular control and monitoring of your systems from a cyber-security perspective.

    • @Chris-mr8ef
      @Chris-mr8ef 5 months ago

      Windows Defender can feed its logs to the Wazuh server; this is the best use case, combining both.

  • @stevehoover6073
    @stevehoover6073 2 months ago

    Thought this was going to be helpful. I followed along a few times, but what came out wasn't an .exe file. Not sure if something has changed or a step was left out of this video that prevented me from getting the same results. I would enter this: pyinstaller -F \remove-threat.py But I kept getting: Script file '\remove-threat.py' does not exist, while I was running PowerShell from the folder with the file as you did here. I tried both with and without the header you mentioned having issues with.

    • @ReasonableITService
      @ReasonableITService a month ago

      Try this:
      - Ensure your .py file name is exactly: remove-threat.py
      - Stick your remove-threat.py file on your desktop
      - Run PowerShell as admin
      - Type and run this command: cd c:\users\yourusername\desktop
      (be sure to replace 'yourusername' with your actual username)
      - Type and run this command: pyinstaller -F \remove-threat.py

    • @theOcsurfbum
      @theOcsurfbum 16 days ago

      @@ReasonableITService I am literally stuck in the same spot and having the same problem. I have deleted and recreated the Python file 3x and am still getting .spec output and not .exe... something wonky going on, it just doesn't make sense.

    • @ReasonableITService
      @ReasonableITService 11 days ago

      @@theOcsurfbum A successful conversion process should spit out one 'remove-threat.spec' file and two folders called 'dist' and 'build'. The converted remove-threat.exe file you need should be in the 'dist' folder.