Wazuh is awesome! You should do more Wazuh tutorials for those unfamiliar, it'd help save so many ppl's data. Absolutely wonderful video man, glad your part of the cyber security community! 🤘🏼😎
One of the most underrated youtuber in cybersecurity domain. Wishing you to reach more subscribers in future as these kinds of contents will be useful for many in this modern technology based society. Appreciate your consistency and determination on making these contents brother. Love from India ❤
I am just starting to configure and use Wazuh in our company and honestly this is one of the most informative and helpful video on YT I have ever seen. Really great information. Have to check out your other posts and we be happy to see more of this. Thank you so much!
Excellent video. You did an amazing job explaining the features and do manage your voice/tone very well. Just subscribed to your channel. Yes, please add more Wazuh videos!
Great video. I got your class course, and I was used Wazuh as additional SiEm tool to monitor on top of Splunk. With the FMI I will have more conf on windows and other OS. Thank you again 🎉for
Great video 👍🏽 To build on this, seems you mentioned your client had AD in the environment, it would be great to see a video of how you could deploy agents to machines using group policy and how you update the OSSEC file remotely so that you don’t have to visit each machine individually.
This vid is gold! Ive been using wazuh on a virtual machine for awhile to learn it. Its been great. Specially when poking my windows machine with kali linux and then check wazuh dashboad
Muy interesante la verdad te agradezco mucho, tu contenido es de calidad, podrías explicar cómo puedo poner que estos eventos pasen a ser "alertas criticas"? hay alguna posibilidad?
This was great and very informative! More Wazuh content, please. This Wazuh update with FIM looks like a great monitoring tool. How does Wazuh compare with Lima Charlie? Which is a more comprehensive security tool and why? Thank you in advance for any info you can provide! 🙂
Great question! They both have their pros and cons but the main difference here is that LimaCharlie is more modular if that makes sense. It can work with practically any tool. Wazuh is more of a complete solution if tuned/configured properly. If possible, I would use both tools :)
From today, you earned my subscription and I take you as my mentor. please accept me. I love the way you take your time to explain. I would want to implement wazuh in my present organization because we do not have a cyber security team and I would like to break into that space. we have a file server and a domain controller and 3 other member servers. My main question is, ON WHICH SERVER WOULD I INSTALL WAZUH. Hope to get a response.
Fantastic video! I do have two questions: If I have multiple endpoints, how do I easily add custom paths to monitor in FIM? Do I have to manually edit the ossec.conf in every endpoint? Second question: Instead of drilling down to look for an alert in a every single endpoint, does the fim alerts appear in the top/main dashboard?
You can use a centralized config file documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html and use the alerts dashboard for an overview rather than drilling down into each host
Great video,can you make tutorial how to push config files to agents? Becouse no it admin is gonna sit and config lets say 100 workstation one by one to monitor.
That is a great idea! In the meantime, I believe this documentation from Wazuh would be helpful: documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
This is brilliant Steven...but the question I have is this...In a real life scenario how would you install the agent unto the pc to monitor it if it belongs to a staff or is there a way to automatically have it installed by default through active directory or something...Maybe through the office domain and all
Ive seen this done via GPO, SCCM, or manually via remote support. Really depends on the organization. As per Wazuh documentation “If you are deploying Wazuh in a large environment, with a high number of servers or endpoints, keep in mind that this deployment might be easier using automation tools such as Puppet, Chef, SCCM, or Ansible.”
Hi, Would love to know how will you document for learning purposes after performing an attack such as using Atomic Red Team I followed your video and bought your roadmap thanks!
Completely up to you! Some examples can be to create a step by step on how to setup/execute attacks and/or create a how to document on detecting the attacks you ran. Thanks for the support!
They didn’t call the helpdesk, they called their IR hotline which is completely different and this is quite common for small firms especially if they are hit with ransomware. These IR hotlines are usually consulting firms and/or MSSPs that offer IR services.
Wazuh is awesome! You should do more Wazuh tutorials for those unfamiliar, it'd help save so many ppl's data.
Absolutely wonderful video man, glad your part of the cyber security community! 🤘🏼😎
Thank you! I will definitely continue to provide tutorials for you all ❤️ thanks for watching.
@@MyDFIR Thank YOU! That's very much appreciated. 🙂
One of the most underrated youtuber in cybersecurity domain. Wishing you to reach more subscribers in future as these kinds of contents will be useful for many in this modern technology based society. Appreciate your consistency and determination on making these contents brother. Love from India ❤
Wow, thank you! That means a lot to me ❤️
I am just starting to configure and use Wazuh in our company and honestly this is one of the most informative and helpful video on YT I have ever seen. Really great information. Have to check out your other posts and we be happy to see more of this. Thank you so much!
Glad it was helpful! It was really fun making this video and there definitely will be more Wazuh content coming this year!
Excellent video. You did an amazing job explaining the features and do manage your voice/tone very well. Just subscribed to your channel. Yes, please add more Wazuh videos!
Thank you! I’m glad you found it helpful! I’ll keep the Wazuh content coming.
You just won a subscriber.
This is just what i was looking for all over TH-cam.
Please provide more on both ubuntu and windows os.
💯🔥
Thank you!
Wow. This was a BANGER of a video! Thanks to the algorithm.
You’re awesome 💙 thanks for watching!!
Wazuh is super tool! Please, make more wazuh tutorials, and thank you for your videos!
More to come!
my man i got to learn so much in such a easy way
would love to see more content like this..
Thanks! Stay tuned 💙
Great video. I got your class course, and I was used Wazuh as additional SiEm tool to monitor on top of Splunk. With the FMI I will have more conf on windows and other OS.
Thank you again 🎉for
Awesome!! Thanks for your support and I hope you learned a lot ❤️
@@MyDFIR I do I do
Great video! With simple to follow examples but very helpful. Keep it up!
Thanks, I appreciate it!
Great video 👍🏽 To build on this, seems you mentioned your client had AD in the environment, it would be great to see a video of how you could deploy agents to machines using group policy and how you update the OSSEC file remotely so that you don’t have to visit each machine individually.
Great suggestion, I'll add this to one of the videos to make in the future. I am sure many would benefit from seeing that!
Omg!! It was wanderfull. Hopefully you will include in your course
Thanks!
Awesome job..excellent and clear to understand tutorial
Glad it was helpful!
I am loving Wazuh!!!
Glad to hear!!
Thank you very much! Amazing video man... I've learned a lot. More videos on Wazuh BTT🙂
My pleasure 💙
to add new agent:
server management -> endpoints summary -> deploy new agent
Loved your video on FIM also!
Glad you enjoyed it!
Thanks am learning something from uganda africa
Nice!
Fantastic explanation!! Just subscribed 👍
Awesome, thank you!
nice sharing, please share it more
Thanks for watching!
This is a great video, thanks for sharing. :)
Thanks for watching!
Love to see your videos
Thank you for watching ❤️
Thank you for this!!
You're so welcome!
An updated wazuh installation and configuration vid would be great. Particularly in docker
Great idea!
This vid is gold! Ive been using wazuh on a virtual machine for awhile to learn it. Its been great. Specially when poking my windows machine with kali linux and then check wazuh dashboad
Glad it helped! I’ll definitely put that to the list
Muy interesante la verdad te agradezco mucho, tu contenido es de calidad, podrías explicar cómo puedo poner que estos eventos pasen a ser "alertas criticas"? hay alguna posibilidad?
This was great and very informative! More Wazuh content, please. This Wazuh update with FIM looks like a great monitoring tool. How does Wazuh compare with Lima Charlie? Which is a more comprehensive security tool and why? Thank you in advance for any info you can provide! 🙂
Great question! They both have their pros and cons but the main difference here is that LimaCharlie is more modular if that makes sense. It can work with practically any tool. Wazuh is more of a complete solution if tuned/configured properly. If possible, I would use both tools :)
we need another project with wazuh and caldera
Oooo 👀👀
More Wazuh content please, im trying to monitor a specific directory on mac but its not working
From today, you earned my subscription and I take you as my mentor. please accept me. I love the way you take your time to explain. I would want to implement wazuh in my present organization because we do not have a cyber security team and I would like to break into that space. we have a file server and a domain controller and 3 other member servers. My main question is, ON WHICH SERVER WOULD I INSTALL WAZUH. Hope to get a response.
Ideally you would spin up another server dedicated to Wazuh.
Fantastic video! I do have two questions: If I have multiple endpoints, how do I easily add custom paths to monitor in FIM? Do I have to manually edit the ossec.conf in every endpoint? Second question: Instead of drilling down to look for an alert in a every single endpoint, does the fim alerts appear in the top/main dashboard?
You can use a centralized config file documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html and use the alerts dashboard for an overview rather than drilling down into each host
Hello, this must be configured in each of the deployed agents. Is there a way to do this from the dashboard?
Great video,can you make tutorial how to push config files to agents? Becouse no it admin is gonna sit and config lets say 100 workstation one by one to monitor.
That is a great idea! In the meantime, I believe this documentation from Wazuh would be helpful: documentation.wazuh.com/current/user-manual/reference/centralized-configuration.html
Hey bro,can you do a video on how to integrate wazuh with slack to get real time alerts
Great idea, ill add that into my content list!
👍
This is brilliant Steven...but the question I have is this...In a real life scenario how would you install the agent unto the pc to monitor it if it belongs to a staff or is there a way to automatically have it installed by default through active directory or something...Maybe through the office domain and all
Ive seen this done via GPO, SCCM, or manually via remote support. Really depends on the organization. As per Wazuh documentation “If you are deploying Wazuh in a large environment, with a high number of servers or endpoints, keep in mind that this deployment might be easier using automation tools such as Puppet, Chef, SCCM, or Ansible.”
@@MyDFIR Okay...thanks alot brother
Hi,
Would love to know how will you document for learning purposes after performing an attack such as using Atomic Red Team I followed your video and bought your roadmap thanks!
Completely up to you! Some examples can be to create a step by step on how to setup/execute attacks and/or create a how to document on detecting the attacks you ran. Thanks for the support!
can all the fim configuration be done centrally in agent.conf? I'm guessing yes.
Spot on!
Which siem tool best to learn for beginners?
Any free one that you can put your hands on :) Wazuh is great
How can i know if wazuh is compromised by hacker? The dashboard ce showed a few File deleted the wazuh manager host device.
I have one question ccna or comptia network+ which one is best for cybersecurity...
Both are good and both are optional but you must at the very least, understand networking concepts.
Hello! Quick question, are you running all these methods inside a virtual machine? Cause i'm thinking of creating one through microsoft azure
Yup! Every lab video I use a VM as it’s easier for clean up when done.
@@MyDFIR alright, thank you. Will try doing this and exploring some more as an additional to my portfolio.
You can tell his story about Accounting X was fake immediately because the CEO would never call the Helpdesk.
They didn’t call the helpdesk, they called their IR hotline which is completely different and this is quite common for small firms especially if they are hit with ransomware. These IR hotlines are usually consulting firms and/or MSSPs that offer IR services.