Cool video. Please do more about Wazuh product. It looks phenomenal!
@taylorwalton_socfortress 3 years ago
Hey Michail, yes, wazuh is an awesome tool :) I have a lot of other wazuh videos so check those out if you haven’t already. Please feel free to make any recommendations for other tools! Thanks for watching!
@alejandroparrello6493 1 year ago
You're the master Taylor! 👏👏🤘🦸
@alejandroparrello6493 1 year ago
Dear Taylor, I have a question: where/how did you learn about Wazuh? Just from public Wazuh documentation? Or some official course? Regards from Argentina 👋 😊
@Damielsestrem 1 year ago
Hi Taylor, how can I adapt your tutorial for Windows? For example... for lateral movement with EternalBlue or something like that... is it the same way? Can you give me an example?
@samuraidenis 2 years ago
Thanks again. Thoughts on shell from Windows?
@yassine4855 3 years ago
Great vid! I got a question for you bro. I know that Wazuh can monitor network devices like firewalls and switches, but is it possible to make the firewall block an IP address from Wazuh using the response feature?
@taylorwalton_socfortress 3 years ago
Hey Yassine, good question. Wazuh can ingest syslog, which firewalls and switches can be configured to output. However, firewalls and switches generally have their own OS, which is far different from a Linux, Windows, etc. OS, and a Wazuh agent cannot be installed on those types of OS. I recommend deploying a Wazuh agent on a jump server, bastion, reverse proxy, etc. that end users must interact with before they can get into your network. For example, one of my networks has a bastion server that users must log on to before they can interact with any internal hosts. The bastion server is a Linux distro, is facing the internet and is running a Wazuh agent. I have active response enabled on this server so, for example, when an IP address is observed attempting to log in with multiple failed logins, active response runs and adds their IP as an iptables drop to the bastion server. This is a server that sits behind the firewall and in front of the internal network, so no traffic can get through unless a valid user has logged on to the bastion server first, and it is a similar solution to what you are looking for. Hope that helps and thanks for watching!
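A sketch of the bastion setup described in the reply above, as an added example that is not part of the video or of the commenter's own configuration. It assumes a Wazuh 4.x manager, the stock `firewall-drop` script, rule ID 5763 (the default ruleset's sshd brute-force rule), a 180-second block, and a constructed management address (203.0.113.10) in the whitelist.

```xml
<!-- Manager side: /var/ossec/etc/ossec.conf (added example, values are assumptions) -->
<ossec_config>

  <global>
    <!-- Never block the admin workstation, even if it trips the rule.
         203.0.113.10 is a constructed placeholder address. -->
    <white_list>203.0.113.10</white_list>
  </global>

  <!-- Declares the script shipped with the agent that inserts the
       iptables DROP rule; timeout_allowed lets the block expire. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- When rule 5763 (repeated failed sshd logins from one source) fires,
       run firewall-drop on the agent that reported it, i.e. the bastion. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5763</rules_id>
    <!-- Seconds before the DROP rule is removed again. -->
    <timeout>180</timeout>
  </active-response>

</ossec_config>
```

Restart the manager after the change, then confirm a triggered block in `/var/ossec/logs/active-responses.log` on the bastion and with `iptables -L INPUT -n`.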
@isriadeputra 1 year ago
wrong password admin "metallica", and cannot check ip with "ip a/ ifonfig", message: command not found
@antonandreea5291 9 months ago
Did you find the right password?
@DavidLopez-fe7ue 3 months ago
@antonandreea5291 you have to log in via ssh, so: ssh admin@