Threat Detection & Active Response With Wazuh

  • Published 22 May 2022
  • In this video, I cover the process of detecting and defending against threats and attacks with Wazuh. In the context of blue team operations, Wazuh is a SIEM (Security Information and Event Management) system used to collect, aggregate, index, and analyze security-related data, which lets you detect intrusions, attacks, vulnerabilities, and malicious activity.
    You can register for part 2 of this series for free here: bit.ly/3yJqT3c
    //LINKS
    Wazuh: wazuh.com/
    Wazuh Documentation: documentation.wazuh.com/curre...
    Video Slides: bit.ly/38F2t0m
    Get $100 In Free Linode Credit: bit.ly/39mrvRM
    #Cybersecurity #BlueTeam
  • Science & Technology

Comments • 49

  • @cheebadigga4092 · 2 years ago · +2

    This channel is a goldmine! Thank you for all your time and effort!!

  • @robertungureanu4660 · 1 year ago

    Came across your videos a month ago and won't stop until I see ALL of them.
    But what really cranked me up here was hearing how PUMPED up you were when you saw it's a real(-time) attack. Gold. :)
    Thanks for the awesome videos. PLEASE keep doing them.

  • @ghsinfosec · 2 years ago · +9

    Fantastic series! It's awesome that your Ubuntu instance was actively being attacked while you were making this video. That really demonstrates the value of a SIEM and also highlights the fact that attackers are always trying something. Thanks for the videos!

  • @chaitanyakhairnar6352 · 2 years ago

    Thank you for creating this awesome content. Glad to see that real-time attack surface and those mitigation techniques. You are doing a great job, Alexis ❤🙌

  • @frankyz · 1 year ago

    Great video! I did not realize Wazuh can be configured with an action to add an active response rule. Thank you for the content! I learned a lot.

  • @SxMT · 8 months ago

    Great video. Loved the demo with adding some active defense.

  • @Lsecqt · 2 years ago · +1

    Really informative, thank you!

  • @guerzizeb · 1 year ago

    Thank you very much, very interesting content, especially with that unexpected brute force attack. A real case.

  • @naseebullah4957 · 2 years ago · +2

    Hello, thanks for the detailed video on Wazuh! Could you please cover the correlation part also?

  • @cybersec8706 · 2 years ago · +1

    One of the best InfoSec experts.. 🙏

  • @ShortsGFX · 1 year ago

    It is a very knowledgeable video for those who are Wazuh SIEM administrators. Thanks HS

  • @PrabhatKumar-tk8oy · 2 years ago · +5

    Hey bro, all your videos are very informative...
    Can you please make a video on the Darknet chip (how it is used)?

  • @mrkmdz · 1 year ago

    I think this is one of your better how-to videos. The real attack and watching how you used Wazuh to gather details and invoke a basic defense definitely added to what otherwise would have been a rather boring walk-through of the installation and capabilities.

  • @mfernandes8945 · 6 months ago

    This video has been so useful! The one question I have, is how to build a set of rules that can be built into the solution **before** moving a server into production. To me, that would seem to be better than trying to deal with problems as they happen.

  • @abedzaben · 1 year ago · +1

    Thanks for the great video. Is there an option to add some kind of logic to the active responses? For example, block the IP address only after 5 or 10 failed attempts?

  • @penetrationtester · 1 year ago

    Thank you!

  • @QuantumNaut · 1 year ago

    Nice walkthrough. I am learning Security Onion in school and noticed Wazuh is part of it.

    • @nbctcp3450 · 1 year ago

      Between them, which one is better and easier?

    • @QuantumNaut · 1 year ago

      @@nbctcp3450 Security Onion is pretty easy to use, so I would say that one, but probably because I've used it more than the Wazuh shown in the video.

    • @nbctcp3450 · 1 year ago

      @@QuantumNaut I tried Security Onion last night. The problems were:
      1. I can't pull it as a Docker image.
      2. The ISO is big (8 GB), and 6 GB of it is the Docker repository.
      I can't find out how to install SO in Docker. If you have a guide, please let me know.

  • @ChapalPuteh_ · 8 months ago

    Great! Very fruitful … 🤓

  • @Kk-rr2sb · 2 years ago

    Bro, is there any chance to watch your videos with the application's dark theme enabled, or, if that is not an option, to use the "Dark Reader" add-on for browsers? It would be great if this is possible.

  • @tamalnaskar4080 · 2 years ago · +1

    Thank you for this kind of knowledge video, we want more about it please sir..... and your voice is more magical.

  • @drmikeyg · 1 year ago

    I noticed when you deployed the Linux server on Linode, you did not set up ufw or fail2ban on the Linux server. If ufw and f2b are set up, will that affect Wazuh performance?

  • @faizfredo8296 · 2 years ago · +1

    How can we integrate TheHive with Wazuh? Please make a video.

  • @christojojo6590 · 8 months ago

    When we set the rule to prevent the brute-force attack, is that rule for all the traffic from the external network?

  • @arnabkoley8864 · 11 months ago

    Very informative video on Wazuh Active Response

  • @happyked · 2 years ago · +1

    Are there any ways of getting the active response to block IPs in a firewall appliance instead of the host firewall?

    • @andrewhughes459 · 1 year ago · +1

      Yes, you can actually write your own scripts that execute as the active response to an alert. The location XML tag that he used specifies whether the response is run on the agent machine or the Wazuh server, so you can specify where to run the script in response.
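
The reply above mentions custom scripts and the `<location>` tag. Below is an added example, written for this page (it is not the video's script and not code shipped by Wazuh), of what such a custom active-response script can look like: a Python handler that blocks the alert's source IP on `add` and unblocks it on `delete`, following the stdin/stdout JSON exchange documented for custom active-response scripts in Wazuh 4.2 and later. The script name, the two firewall back-ends, the constructed sample alert and the rule id in it are this example's own assumptions; check the message field names against the Wazuh version you deploy.

```python
"""
Custom active-response handler for Wazuh: block the alert's source IP on
"add", unblock it on "delete".  Added example for this page, not the
video's script and not code shipped by Wazuh.

Exchange as documented for custom active-response scripts (Wazuh >= 4.2;
verify field names against your version):
  1. wazuh-execd sends one JSON line on stdin; "command" is "add" or
     "delete" and the triggering alert sits under parameters.alert.
  2. on "add" the script answers on stdout with a "check_keys" message
     naming the keys it will act on, then reads one line back:
     {"command": "continue"} or {"command": "abort"}.
  3. "delete" arrives when the <timeout> of the <active-response> block
     expires; the script undoes what it did.
Script name and firewall back-ends are this example's assumptions.
"""
import io
import ipaddress
import json
import subprocess
import sys

SCRIPT_NAME = "custom-block-ip"  # assumed; must match the <command> name in ossec.conf


class InMemoryFirewall:
    """Stand-in back-end for offline testing: records what would be blocked."""
    def __init__(self):
        self.blocked = set()
    def block(self, ip):
        self.blocked.add(ip)
    def unblock(self, ip):
        self.blocked.discard(ip)


class IptablesFirewall:
    """Real back-end: inserts/removes a DROP rule (runs as root on the agent)."""
    def block(self, ip):
        subprocess.run(["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"], check=True)
    def unblock(self, ip):
        subprocess.run(["iptables", "-D", "INPUT", "-s", ip, "-j", "DROP"], check=True)


def source_ip(message):
    """Validated attacker IP from the alert, or None.
    srcip originates in a log line the attacker wrote, so it is parsed with
    ipaddress before it gets near a command line; loopback is refused so a
    crafted alert cannot make the host block itself."""
    raw = message.get("parameters", {}).get("alert", {}).get("data", {}).get("srcip")
    if not raw:
        return None
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return None
    if ip.is_loopback or ip.is_unspecified:
        return None
    return str(ip)


def check_keys_message(keys):
    return {"version": 1,
            "origin": {"name": SCRIPT_NAME, "module": "active-response"},
            "command": "check_keys",
            "parameters": {"keys": keys}}


def handle(request_line, stdin, stdout, firewall):
    """Process one invocation; returns (action, ip) so callers and tests can check it."""
    try:
        message = json.loads(request_line)
    except json.JSONDecodeError:
        return ("invalid", None)
    ip = source_ip(message)
    if ip is None:
        return ("ignored", None)
    command = message.get("command")
    if command == "add":
        stdout.write(json.dumps(check_keys_message([ip])) + "\n")
        stdout.flush()
        reply = json.loads(stdin.readline() or "{}")
        if reply.get("command") != "continue":
            return ("aborted", ip)  # execd declined, e.g. key already handled
        firewall.block(ip)
        return ("added", ip)
    if command == "delete":
        firewall.unblock(ip)
        return ("deleted", ip)
    return ("unknown", ip)


def simulate(command, srcip, reply="continue", firewall=None):
    """Drive handle() with a constructed alert (rule id and level are illustrative)."""
    if firewall is None:
        firewall = InMemoryFirewall()
    request = {"version": 1, "origin": {"name": "worker01", "module": "wazuh-execd"},
               "command": command,
               "parameters": {"extra_args": [], "program": SCRIPT_NAME,
                              "alert": {"rule": {"id": "5712", "level": 10},
                                        "data": {"srcip": srcip}}}}
    out = io.StringIO()
    answer = io.StringIO(json.dumps({"command": reply}) + "\n")
    action = handle(json.dumps(request), answer, out, firewall)
    return action, sorted(firewall.blocked), out.getvalue()


if __name__ == "__main__":
    handle(sys.stdin.readline(), sys.stdin, sys.stdout, IptablesFirewall())
```

Wiring it up is configuration rather than code: the script is registered in ossec.conf under a `<command>` block and attached to rules by an `<active-response>` block whose `<location>` chooses where it runs (`local` for the agent that raised the alert, `server`, `defined-agent` or `all`) and whose `<timeout>` is what later produces the `delete` call. That timeout is the safety net against a self-inflicted lockout from a mistyped password, and the `ipaddress` check is the one you do not want to skip, since an attacker chooses the bytes that end up in `srcip`.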

  • @noname54 · 10 months ago

    How can you install the Wazuh agent on the Wazuh server? I would like to monitor the actual server for attacks since it's public-facing. Thanks for the videos, please create more with live attacks.

    • @leninagoras · 4 months ago

      Wazuh-manager monitors itself.

  • @luiscarbajal5287 · 1 year ago

    Hello, a question: at min 24:29, the "Check Wazuh API connection" error, how did you fix it?

  • @M_IZAN · 2 years ago · +2

    What is your operating system's name? 💜💜

  • @ianagung6886 · 1 year ago

    There is Bandung on the geolocation, wow

  • @farhamandkhan · 2 years ago

    Does it help in stopping a DoS attack on port 443?

    • @javimed9669 · 1 year ago · +2

      Wazuh has built-in rules to correlate multiple authentication failure events and identify brute-force and DDoS attacks. But you can also create your own rules to detect specific attacks. The Wazuh active response capability acts on detection of an attack and can block the attacker's IP. Also, if you have a tool to detect DDoS attacks, you can make Wazuh read its logs and trigger alerts and an active response. Join the Wazuh community to get further answers.

    • @farhamandkhan · 1 year ago

      @@javimed9669 Thanks👍
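
The question from @abedzaben about blocking only after 5 or 10 failed attempts and the reply above about built-in rules that correlate authentication failures both come down to the same mechanism: a rule that fires only when N matching events from the same source arrive within T seconds (Wazuh expresses this with frequency and timeframe attributes on the rule). The following is an added example written for this page, not the video's configuration and not Wazuh's own code, that reproduces that correlation in Python over constructed sshd log lines so you can see which sources cross the threshold and which do not. The threshold values, the year assumed for syslog timestamps and the log lines are this example's own choices.

```python
"""
Sliding-window correlation of sshd failures, mimicking a Wazuh rule's
frequency/timeframe attributes.  Added example for this page: not the
video's configuration and not Wazuh code.  Log lines are constructed;
thresholds and the assumed year are this example's own choices.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# auth.log-style sshd failure, with or without the "invalid user" prefix
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[0-9.]+) port \d+"
)

FREQUENCY = 5    # failures from one source ...
TIMEFRAME = 120  # ... within this many seconds raise an alert
YEAR = 2022      # syslog timestamps carry no year; assumed for parsing

# Constructed sample: 198.51.100.9 fails slowly (one try every 3 minutes),
# 203.0.113.7 fails five times in eight seconds, one legitimate login between.
SAMPLE_LINES = [
    "May 22 10:00:00 web01 sshd[1901]: Failed password for root from 198.51.100.9 port 40001 ssh2",
    "May 22 10:03:00 web01 sshd[1933]: Failed password for root from 198.51.100.9 port 40002 ssh2",
    "May 22 10:06:00 web01 sshd[1960]: Failed password for root from 198.51.100.9 port 40003 ssh2",
    "May 22 10:09:00 web01 sshd[1987]: Failed password for root from 198.51.100.9 port 40004 ssh2",
    "May 22 10:12:00 web01 sshd[2011]: Failed password for root from 198.51.100.9 port 40005 ssh2",
    "May 22 10:15:01 web01 sshd[2048]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2",
    "May 22 10:15:03 web01 sshd[2049]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2",
    "May 22 10:15:04 web01 sshd[2050]: Failed password for root from 203.0.113.7 port 51041 ssh2",
    "May 22 10:15:05 web01 sshd[2051]: Accepted publickey for deploy from 192.0.2.10 port 60000 ssh2",
    "May 22 10:15:06 web01 sshd[2052]: Failed password for root from 203.0.113.7 port 51055 ssh2",
    "May 22 10:15:09 web01 sshd[2053]: Failed password for root from 203.0.113.7 port 51070 ssh2",
]


def parse_failed_login(line):
    """Return (timestamp, srcip, user) for a failed-password line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["user"]


class BruteForceDetector:
    """Keeps, per source IP, the timestamps of failures inside the timeframe."""
    def __init__(self, frequency=FREQUENCY, timeframe=TIMEFRAME):
        self.frequency = frequency
        self.timeframe = timeframe
        self.recent = defaultdict(deque)

    def feed(self, line):
        """Feed one log line; return an alert dict when the threshold is crossed."""
        parsed = parse_failed_login(line)
        if parsed is None:
            return None
        ts, ip, user = parsed
        window = self.recent[ip]
        window.append(ts)
        # drop failures that fell out of the timeframe (lines arrive in time order)
        while (ts - window[0]).total_seconds() > self.timeframe:
            window.popleft()
        if len(window) < self.frequency:
            return None
        window.clear()  # like a rule's ignore attribute: no re-alert on every extra failure
        return {"srcip": ip, "count": self.frequency, "last_user": user,
                "timestamp": ts.isoformat(),
                "description": "sshd: brute force trying to get access to the system"}


def run(lines, **thresholds):
    """Run the detector over an iterable of log lines; return the alerts raised."""
    det = BruteForceDetector(**thresholds)
    return [alert for alert in map(det.feed, lines) if alert is not None]


if __name__ == "__main__":
    for alert in run(SAMPLE_LINES):
        print(alert)
```

In a real deployment this counting lives in the rule, not in a script: the stock sshd brute-force rule already carries frequency and timeframe attributes, and a local rule that matches the single-failure rule with `<if_matched_sid>` and its own frequency is how the "only after 5 or 10 attempts" requirement is expressed. The active response is then bound to that correlated rule's id or level, so it never fires on an individual failed login.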

  • @fsdaaffa · 1 year ago

    I am from Kenya and I really don't think the attacker was from Kenya 😂 Great series

  • @aessi2746 · 1 year ago

    I can't run Wazuh on Windows 7 for some reason. I have tried different versions but it still doesn't work. Any guides?

    • @javimed9669 · 1 year ago

      Hi. Once you've installed the central components on your Linux server, you can install a Wazuh agent on your Windows 7 endpoint following the "Installing Wazuh agents on Windows systems" guide on the Wazuh documentation site. Join the Wazuh community to get full answers.

  • @toddeHB_GW · 10 months ago

    Please.... never SSH with root. Basic rule 🙏

  • @manishhr4450 · 2 years ago · +1

    Please continue with web app penetration

  • @abofan29 · 2 years ago · +1

    First

  • @minimalny30 · 1 year ago

    Katarzyna means "Kate" in Polish 😅

  • @devurien · 2 years ago

    Katarzyna - Polish female name ;-).

    • @HackerSploit · 2 years ago · +1

      Thank you for letting me know. Unfortunately I butchered the pronunciation.

    • @devurien · 2 years ago

      @@HackerSploit Everything was perfect, like you and your channel. I saw many Polish names and surnames in your video. But the attacker IPs were from China. This is interesting regardless of what is happening in Ukraine and how Poles help refugees from Ukraine. It may be naive, but it is interesting.

  • @user-wk8fi5ut5l · 7 months ago

    Ubuntu is not operative. Alpine Linux is mine.

  • @shokuinstaff7666 · 1 year ago

    There's Indonesia, dude