Introduction To Wazuh SIEM
ฝัง
- เผยแพร่เมื่อ 27 พ.ค. 2024
- This video will introduce you to Wazuh and will explain how it works and how it can be used for threat detection. In the context of blue team operations, Wazuh is a SIEM (Security Information Event Management) system that is used to collect, analyze, aggregate, index and analyze security-related data consequently allowing you to detect intrusions, attacks, vulnerabilities, and malicious activity.
You can register for part 2 of this series for free here: bit.ly/3yJqT3c
//LINKS
Wazuh: wazuh.com/
Wazuh Documentation: documentation.wazuh.com/curre...
Video Slides: bit.ly/38F2t0m
Register For Part 2 Of This Series: bit.ly/3yJqT3c
Get 100$ In Free Linode Credit: bit.ly/39mrvRM
//PLATFORMS
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
Get started with Intigriti: go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify ►► spoti.fi/3lP65jv
Apple Podcasts ►► apple.co/3GsIPQo
//WE VALUE YOUR FEEDBACK
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
//THANK YOU!
Thanks for watching!
Благодарю за просмотр!
Kiitos katsomisesta
Danke fürs Zuschauen!
感谢您观看
Merci d'avoir regardé
Obrigado por assistir
دیکھنے کے لیے شکریہ
देखने के लिए धन्यवाद
Grazie per la visione
Gracias por ver
شكرا للمشاهدة
-----------------------------------------------------------------------------------
#Cybersecurity#BlueTeam - วิทยาศาสตร์และเทคโนโลยี
Great evolution. From replacement OSSEC as HIDS to all in one security solution (SIEM+XDR).
The new version of Wazuh no longer has ELK onboard. It has been replaced with a native search and indexing solution. The gui is now different too. Would like to see this video redone based around the new version.
very good topics with snort and wazuh, thanks
Great.. Looking forward to the next one in this series.
Thank you this was a great breakdown of this SIEM
For everyone who's reading this, wish you an amazing day! 🔥❤
Thanks u too
Same to you!
Have a great day too
Same 2 u bro
It was a bad day mate
Thank you so much as you do for teaching us
Great info, you got a new subscriber
Thanks for the help!
need more video related to Wazuh SIEM
In preparation for this lab I installed and configured the Security Onion iso. How can I use it with this lab please?
Does anyone know where I can get access to the rest of the series? There are 3 videos related to WAZUH on this channel, but in the description there's link for a part 2 in all of them. Problem is the link doesn't work and the uploader seems to be gone... Thanks.
Can wazuh 4.5.2 be installed on debian12? Can you make a flatpak, please?
Setup and config video podunga bro
No setup video?
Great alexis
Do someone know ho to change ip adress of wazuh after installation?
Great
You know in my red team/blue team engagement, the very first thing i did was to disable beat and Splunk UF and blue team was completely blind and oblivious of any attacks.
From a blue team's perspective, disabling of UF/EDR would trigger a detection right away. Or, if logging stops coming in.
@@killacups there hasn't been a single case in the last 10 years when detection triggered upon killing the UF/Beat process.
Sorry, my answer was a bit more generalized. This completely depends on the environment.
Once elastic drops their update with their own native agents, wazuh will be useless. I’ve only ever used endgame for host agent (enterprise deployment) and if you’re somehow able to kill the endgame agent, it absolutely triggers an alert. Still can’t believe wazuh or beats doesn’t trigger on disable. That’s a huge open source gap if true
please sir can u make us video on pegasus
Nice, First of all you make Elastic search video. There is lack video becasue you directly jump on wazuh.
Does the Wazuh support with App logs?
No but Filebeat does
Yes it support integration of app log.
I think am first to watch this
That's what we all say
isnt wazuh EDR/XDR? is it just a siem?
It’s EDR/XDR yes. But in combination with ELK it could be used as a SIEM. But I think there are still a lot of missing functionalities
👋👍
great information ❤️❤️🤍
Whats difference between Wazuh and Splunk
They are different products for logging. If you look into the Pricelists, you will see the difference 😂
By using wazuh you will reduce logs size which you sending to splunk.you can use wazuh as filter for spending important logs to splunk.
Need hive and s3 bucket integration videos too
There is video on youtube for s3 bucket integration with wazuh
Monitoring non wazhuh devices
I create SIEM put wazu out of business :)
A lot is still missing, the engine at the base is still ossec with a “signature based type of rules”. Tu much correlation capabilities are missing to call it a siem.
Of clouds… better then nothing but still, calling it a siem is misleading
Hi. Wazuh provides threat prevention, detection, and response capabilities and helps with regulatory compliance. It collects logs from disparate sources and analyzes near real time the security events. It also considers historical and contextual data allowing incident management. It has useful dashboards and reporting capabilities. Wazuh is indeed a complete SIEM + XDR platform. Perhaps you would like to discuss particular features you don't find in the product? What are the missing correlation capabilities? Thank you.