quick and easy, thanks for not wasting my time
Thanks for the video it's great
Very good video, now the only thing I miss is a Kibana dashboard with ClamAV/Defender information
Thank you so much for all your content! It has been a great learning curve and experience. A question - I currently have sysmon monitoring enabled, and when I tried to add this configuration for Windows Defender event channel, my agents were not sending any events to Wazuh. Anything I may have missed, or does Wazuh not support multiple event channels on a group agent configuration?
Thanks, Nice video.
good video.
How about another antivirus? Maybe like Trend Micro or something else?
Thanks. It works like a charm 👌 Is there a possibility to send only errors and warning alerts?
Thanks!
Thanks, please create a video on logging Symantec endpoint to Wazuh
Hey, unfortunately I don’t have a subscription to Symantec and I do not see a free trial available on their website. Do you know of anything I could take advantage of to complete a demo with Symantec?
Symantec server allows sending syslog; it could be done on SEPM directly.
Thanks for the informative lecture.
Please create a video on how to fetch Azure activity logs into Wazuh, I hope you will create
Thanks
Hey Numan, I attempted to the other day but Azure requires a premiere license to make the API calls to O365 to collect activity logs. I tried a trial but unfortunately it was the same result... I will keep exploring and let you know what I find.
@taylorwalton_socfortress Thanks a lot for your effort.
How about Kaspersky?
Need to create the client_buffer?
Hey Marcio, you should not have to make any client buffer changes, but if the endpoint you are looking to collect these logs from is already sending a high volume of logs, you can increase the amount of logs collected with the client buffer setting: documentation.wazuh.com/current/user-manual/reference/ossec-conf/client_buffer.html
Hope that helps!
Wazuh name is like 'whatsup', not 'wazoo'. Good piece of software with an unfortunate name to pronounce.