Security practitioner/professional here. This walkthrough is excellent, and this can easily be done in small business environments as well as in an individual's personal home. The cost of entry is just the time it takes to learn, but this can be done by anyone with some time and motivation. You don't even need dedicated computers or servers; this can be done on a Raspberry Pi.
@briccimn 1 year ago
I agree and am very hopeful, but time is the problem... I think one can't spend all day long working on computers and then do the same in one's free time.
@xelerated 8 months ago
Wait until Wazuh gets a bigger user base, then they will screw everyone over like Nessus and Rapid7. I'll bet money on it.
@megvzx6590 7 months ago
@xelerated Yeah, honestly it's a great platform, offering SIEM and threat hunting capabilities.
@Manavetri 1 year ago
The presentation is excellent, giving real examples, not like the vast majority of YouTubers who say what is theoretical and that's it. It would be great if you could make a series of videos on Wazuh: setups, examples, case studies, etc. Again, brilliant, and thanks for sharing, total genius.
@geroldmanders9742 1 year ago
While the software is explained pretty clearly, I have some reservations. On a completely fresh Ubuntu Server 20.04.06 VM (ProxMox) without any extras installed, I followed the links provided in this video and it said this version of Ubuntu is fully supported. The quick install script starts and crashes after a while. The on-screen instructions tell me to extract a generated archive to continue the installation. That generated archive, well, it isn't generated. Ah well, just scrap the current VM and restore a snapshot I created just after installing Ubuntu Server and retry. Nope, the quick install script failed again. Different generated archive failure. Scrap it and restore the snapshot again. Again the script fails, again the first generated archive failure. Found a manual for manually (offline) installing the software, but it is very involved. That method also took a lot more than 5 minutes. But that method at least worked. Once the software runs, it does look good.
@briccimn 1 year ago
@geroldmanders9742 These pieces of software ARE convoluted. Still, the necessity of lurking through dozens of configuration scripts is the problem. You know, they are aimed at system admins, well, but the home-labbers or technicians who want to replicate some high-level systems with their customers need the knowledge of large-scale business, but are on their own. Keeping all the knowledge to gear those things is also not so simple, although it is intriguing to learn about. You yourself were faced with the installation issue. I cannot declare it is the norm, but sometimes it is frequent. Take me, I'm in my 50s, and not being digital-born, I have always aimed to learn as much as possible in IT, and am still able to learn and follow or guide my customers into the digital world, but for me and a few other colleagues who participate in this research of nice and powerful tools (ProxMox, TrueNAS, UNRAID, network security tools, NAS self-construction...) the hardest wall to smash your face against is the issue-prone systems that this software leads to. I also frequently face VM problems, so putting up a test bench is a matter of building physical hardware, which has costs and consumes time.
@GvRy8_5x46o7yXgSGaaJ. 1 year ago
A few years into cybersecurity and you have opened up my world with this practical application. I understood your vocabulary, which was super motivating. Thanks, keep the videos coming.
@FireballFofo2 4 months ago
Hi brother, I was wondering if I can contact you another way to learn about cybersecurity.
@TimofeeHD 1 year ago
The Seth Rogen of Cyber Security.
@HeyDudee 1 year ago
Fact!
@desordenpublico 1 year ago
Bruh, I thought I was the only one, even his laugh.
@matteovalentino4890 1 year ago
This is incredible
@yaboy7120 1 year ago
💀
@ReligionAndMaterialismDebunked 1 year ago
Fellow Jewish brother, Seth Rogen, and fellow Seth.
@ivanshmilyk7614 3 months ago
Thank you for showcasing and going along with the official documentation; many (most) YouTube content creators will make a video that just repeats the official guidelines, and will pretend it's "their own know-how" without mentioning where they got the info from, super annoying! And for you, Mr John Hammond: my deep respect for both the content you do, and also how you do it.
@userhandle3378 12 days ago
Been meaning to deploy this project since you posted over a year ago. Happy I stayed up late and got it up in the home lab. Can't wait to take this to work and impress all the plebs. Thanks for the hand-hold John, it's always nice to walk through the weeds with a friendly face, even if this one was easier than configuring a static IP for netplan on any newer Ubuntu distro.
@lyesmessi6818 1 year ago
I'm actually amazed at the amount of tools and services Wazuh can provide. Also, thank you Josh, that was very well presented.
@SambhuRajendran 3 months ago
Josh?
@olivierdulac 7 months ago
Instant like and subscribe. However, there is a problem at 27:50: before deleting the file [which in effect just unlinks the file, i.e. deletes the directory entry that points to the actual file: if that file is still running or opened, it would still be present and active!] it should instead first do: sudo lsof -Pn and try to see if that exact file is open (matching the inode!!, 8th field in the lsof -Pn output and 1st field in ls -ild) and kill any pid (2nd field) matching this inode. Only then, after another lsof check, delete (=unlink) the file. Making sure not to kill the script itself, of course ^^.
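The procedure in the comment above (match the inode with lsof, kill the holders, check again, only then unlink) as a worked example. This is added here; it is not code from the video, the commenter, or the Wazuh project. It assumes lsof is installed, as the comment does, and, as an addition of this example rather than the comment's method, falls back to scanning /proc with GNU stat on Linux when lsof is absent. The function names holders_of and safe_remove are this example's own. It must run as root to see other users' processes, which is why the comment says sudo lsof -Pn.

```sh
#!/bin/sh
# Added example of inode-checked deletion (not from the video, the comment or Wazuh).
# Assumes lsof is installed, or, failing that, a Linux /proc with GNU stat
# (the /proc fallback is an addition of this example). Run as root to see
# other users' processes.

# Print the PIDs (one per line) of every process holding the inode of "$1"
# open, whether as an open descriptor, an mmap, or the running executable.
holders_of() {
    target=$1
    # the inode number is the 1st field of "ls -ild", as the comment says
    ino=$(ls -ild -- "$target" | awk '{print $1}')
    if command -v lsof >/dev/null 2>&1; then
        # -F pi: field output, a "p<pid>" line per process followed by an
        # "i<inode>" line per open file. Reading fields this way avoids
        # counting columns, which breaks when the SIZE/OFF column is empty.
        # Caveat: this matches the inode number alone, so a file on another
        # filesystem with the same inode number would be reported too.
        lsof -Pn -F pi 2>/dev/null | awk -v ino="$ino" '
            /^p/ { pid = substr($0, 2) }
            /^i/ { if (substr($0, 2) == ino && !seen[pid]++) print pid }'
    else
        # /proc fallback: compare device:inode of every open fd and of the
        # executable (/proc/<pid>/exe), which is exact across filesystems.
        dev_ino=$(stat -L -c '%d:%i' -- "$target")
        for p in /proc/[0-9]*; do
            for f in "$p"/exe "$p"/fd/*; do
                [ -e "$f" ] || continue
                if [ "$(stat -L -c '%d:%i' -- "$f" 2>/dev/null)" = "$dev_ino" ]; then
                    echo "${p#/proc/}"
                    break
                fi
            done
        done
    fi
}

# Kill the holders of "$1" (never this shell itself), re-check as the comment
# suggests, and only then unlink. Returns 1 and leaves the file in place when
# something still holds it open (e.g. a process we lack permission to kill),
# so the caller never ends up with a live, unlinked copy it cannot see.
safe_remove() {
    target=$1
    for pid in $(holders_of "$target"); do
        [ "$pid" = "$$" ] && continue       # never kill the script itself
        kill -TERM "$pid" 2>/dev/null || true
    done
    sleep 1                                 # give the processes a moment to exit
    left=$(holders_of "$target" | grep -v "^$$\$" | head -n 1)
    if [ -n "$left" ]; then
        echo "refusing to delete $target: still open by pid $left" >&2
        return 1
    fi
    rm -f -- "$target"
}
```

Usage: `safe_remove /path/to/suspect-file`; the non-zero return on a lingering holder is the signal to investigate that PID rather than retry the delete.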
@galopeian 2 months ago
Very cool tool. I'm going to try this out. Would also highly recommend that everyone reads at least a few of the CIS Benchmark PDFs to harden your system manually. It's actually very fun to do it all the way through.
@XiSparks 1 year ago
@JohnHammond I'm glad you're able to do all these cool videos that feature various tools, but I miss the days of solving CTFs in the long-form format.
@Gonix_444 1 year ago
What's up bro, how's it going?
@445Matty 1 year ago
Money talks. The long format brings only enthusiastic people together, while the other format is more click-baity.
@richardj163 7 months ago
This video probably saved an organization from getting hacked. Thanks!
@lkentwell249 1 year ago
Nice deeper dive. One thing that would be great to see is vulnerability auto-remediation.
@RTCW-ET-MOVIES 1 year ago
Agreed. This would be my use case scenario.
@lkentwell249 1 year ago
@RTCW-ET-MOVIES I mean, I'm sure you can do it just by kicking off a script or even a command remotely that does something simple like apt-get update and boom, it's done. Windows even has its own tool which you can run from the CLI to force it to download and install updates. Would just be nice to see that as a built-in option. I think that would make this virtually the ultimate free SIEM.
@anonp2958 1 year ago
I've known about Wazuh for a while; however, a lot of people may not, and I genuinely love watching your videos. Followed for a long time but rarely, if ever, comment. So here's a huge thanks for the hard work you put into your amazing content.
@GrahamSmart 1 year ago
Wazuh is great. I use it as part of a larger security offering.
@speedup070605 1 year ago
Yes please, more tutorial videos with Wazuh. And thank you so much for sharing your knowledge of Wazuh. Love your work.
@joshc4113 1 year ago
Hey John, go to 0:17 in the video. What's that behind you? I'm just hoping you're aware of it, and I didn't just convince myself there are ghosts. I need to get better sleep lol. You're the man J.H.!!! Appreciate all of your efforts in sharing all you do!!! I can't thank you enough for what I've learned from you; it helped spark the interest in everything I've learned in the past couple years. Appreciate the depth and clarity in your content. Thanks again John Josh...
@Quinton1969 1 year ago
Talk about timing. I just reinstalled mine after a Linux upgrade bricked the dashboard. As always, thanks for the clairvoyant topic post.
@shahrezaa 11 months ago
I was so lost in studying cybersecurity until I watched this Wazuh video. Now I understand it clearly, especially studying for the SOC Analyst job. Thanks a lot John. This is the best straightforward, highly informative and no-nonsense video.
@deffdepth824 1 year ago
I just added this to my home network this week. It's awesome.
@carlosfandango2204 3 months ago
I'm gonna set this up in my company first thing tomorrow morning, it's frickin' awesome and free!
@koushikraj9815 3 months ago
Can you please use the updated version? The UI changed to the point that I am confused about where everything is.
@heberrodriguez6997 1 year ago
We have been using this for some time, it's excellent!!
@mathas604 1 year ago
Honestly, this kind of SIEM deployment and testing is one of my favorite topics. Thanks @JohnHammond
@JackHanington 1 year ago
This is incredible. Thanks so much for making me aware of this and doing a deep dive. I can't wait to set this up in my lab. Appreciate you.
@J.DSilva 1 year ago
Great video! Please create a series about this tool! It will help us a lot!
@AtelierEls 4 months ago
Hey John, any plans to redo your Wazuh overview/tutorial on v4.8.0 of the app? Since their complete overhaul of the GUI, some settings are virtually impossible to find or correlate to your presentation. Cheers!
@xanzut 1 year ago
Been using this for quite a long time, and it becomes challenging when wanting to monitor containers on top of Kubernetes or something like that. Tried to isolate the agent as a container, but it became duplicated when the container was redeployed 😂
@Matty100 1 year ago
Thanks, I think I was just thinking about doing something like this, minus the Kubernetes.
@RTCW-ET-MOVIES 1 year ago
What is going to be your resolution for resolving this?
@xanzut 1 year ago
@RTCW-ET-MOVIES For automatic deployment to every node, use a DaemonSet or StatefulSet; to prevent duplicate agents, mount the Wazuh agent key from the host to prevent regenerating the key when the pod is redeployed, so the master will recognize it as an existing agent instead of a new one.
@amjads8971 1 year ago
@xanzut Do we have this solution documented anywhere?
@xanzut 1 year ago
@amjads8971 I don't find any documentation about this case; even the Wazuh documentation only mentions monitoring Docker via the Docker socket.
@andymok7945 1 year ago
Thanks. Watching it again and doing the install on my Ubuntu VM running on Proxmox.
@dlcrdz00 1 year ago
HAHAHA... I should have my head examined thoroughly. I just spent the last 2 days trying to set this up exactly as you did. I could not, for the life of me, get the agent to connect to the manager. I'm going to take a break and come back to it. Thank you John for the information.
@_JohnHammond 1 year ago
Be careful that your "manager" server does not have the same hostname as any of your agents. When I tried cloning my VMs from a flat Ubuntu image, since I didn't change the hostname from "ubuntu" on the manager server and "ubuntu" on the client agent, it couldn't see the agent (since the 'server' practically is an 'agent'). That's why I force-name mine to "linux" in the video 😅
@dlcrdz00 1 year ago
@_JohnHammond Thanks for the insight, John. My manager and agent had different hostnames, but I found out that my two VMs (Linux) had the same IP address.
@dlcrdz00 1 year ago
@_JohnHammond So I finally got it to work. I had to change my network adapter on the server/manager to Bridged, and it connected to my agent. I am assuming that cloning the VM copied the IP config also.
@ricky2629 1 year ago
This seems like a really useful and interesting SIEM tool. It does, however, suffer from the main problem infecting all Linux projects: making a web interface but still requiring the user to configure things through a conf file local on the server. Why? Why can't I change these settings through the web UI?
@JustSomeGuy009 1 year ago
Seems like they have finally morphed OSSEC+Elastic into a nice open-source solution, as I had looked at this many years ago. I'd like to see videos on feeding network device logs into Wazuh, and also addressing how to handle retention of logs and events.
@pg_usa 1 year ago
Waiting for the next video about Wazuh... Make our homelabs secure!
@ShaunBrown8378 1 year ago
How can you use Wazuh for monitoring IoT devices?
@opethian2k2 1 year ago
Thanks for that. It's a really awesome tool I installed at work to monitor our network a couple of months ago. The only big issue at the beginning was the CIS benchmark for Ubuntu 22.04, but once you fix the typos and the regex it works A1. Next step for me is to build the dashboard in OpenSearch.
@xcatter27 1 year ago
Just completed this room on THM and it was awesome.
@ShawnAnderson-t2l 1 year ago
100% agree with all the folks who want to see the series of instructional videos. Great topic.
@bilalahmad9638 1 year ago
Will deploy this in my company. Learned a lot of things.
@LAWRENCESYSTEMS 1 year ago
Great work, excellent video!
@steelblade1984 1 year ago
Love it John! Keep it up! I am setting up Wazuh along with you. 👍
@SageN- 3 months ago
I was so lost trying to set up my practice homelab project; all the videos I watched didn't work for me. Asante John!
@heatherryan9820 1 year ago
*gives a round of applause* I have to thank you because from every one of your videos that I have seen, I have learned absolutely so much. And I was literally just talking to my friend about how it was so aggravating that all of those weren't in a single platform (unless you wanted to pay out the rear for it), and then this shows up. So thank you for making the video, and FOR ONCE, thank you to 'big brother' listening in on all of our devices, lol.
@grimtagnbag 1 year ago
Thank you for the reminder about this. Chuck made a video on this and I tried to set it up and failed. But your video helped and I got it set up.
@JuanDuarte_58 1 year ago
Why are so many asking questions that are just a 'control/command + F' away in the official docs? That's why systems keep getting compromised: cause ppl are too lazy to think!
@snarkykat 1 year ago
I would like to see something that provides the Wazuh functionality without the need to set up a server, i.e., on just an isolated home computer. I'm not talking about using a paid cloud service.
@MattChandlersc 1 year ago
Do you know if there is a way to monitor firewalls and network equipment?
@lynic-0091 1 year ago
I love your enthusiasm. Subscribed!
@oschvr 1 year ago
I've been managing Wazuh for 2 years now. AMA ❤
@xr6turbo511 1 year ago
Great video! I would love to see more on this. Maybe IDS and unauthorized processes?
@ahmadgeo 11 months ago
There is a Proof of Concept (POC) guide on their website, very helpful.
@BrianFurios 1 year ago
I haven't dug too much into my cybersecurity company, though I know for sure we have these "wazuh" agents installed on our clients and we pay about 40k / year (Europe). We have about 500 clients / servers and obviously support for questions, incidents etc... So at this point... do they actually customize these "wazuh" agents for monitoring stuff (firewall, antiviruses etc..) for free and resell them? Is the price any good in your opinion?
@kc-me6wl 1 year ago
Interesting question - thank you! Would love to hear a response to this!
@andrewhughes459 1 year ago
They are probably creating the active responses, decoders, and rules themselves as Wazuh doesn't really implement much in the default state.
@jameslucas583 1 year ago
Have you asked them to explain what they do versus the cost? Systems like Wazuh are quite easy to install, but then they have to be optimised, monitored and managed. That is potentially quite a skilled and labour-intensive task. It is quite valid to charge for a service that adds value based on open source software. Also worth noting that Wazuh is a component of the Security Onion open source security distribution, so if they are working with this you may be getting more bang for your buck in addition to the rather good Wazuh.
@z3tssu 1 year ago
Man, thanks for this John! I recently implemented Wazuh in my organization but haven't dived deep into all its features like you showcased today. One question: is there a way to configure a single Wazuh agent that can be applied to all endpoints?
@andrewhughes459 1 year ago
Yes, you can modify the default agent ossec.conf on the server and it will deploy it to the agents when they are enrolled.
@wizdude 1 year ago
You made reference to YARA rule support but I couldn't find that in your video. Does Wazuh have support for YARA or is this being done through the VirusTotal integration? Thanks for a great video. Cheers 😊
@PulsechainProfits 1 year ago
10/10. Intend on doing this as a project for my cybersecurity resume.
@WolfIonGaming 1 year ago
I'm sure Wazuh can be installed on an Ubuntu Raspberry Pi, but I'm wondering, would it be able to handle it? If it can, I'm curious whether it would be able to run Wazuh with Pi-hole?
@daviesthecoach 1 year ago
Thanks for this video - it helped me a lot. I, however, ran into a bit of an issue with the Windows agent. For some reason, it failed to assign the server IP to the agent. I had to edit the config file to manually enter the IP address. Just in case anyone else has that issue with the Windows agent. Thanks buddy. I appreciate it.
@bilalaslam5288 1 year ago
The CIS Benchmark is something outstanding in this Wazuh setup; all other things are similar to other EDR solutions.
@-someone-. 1 year ago
I subbed. Great vid! Gonna set it up on my RasPi 4B 👍 Also love the all-black background... very easy on the eyes, especially on my iPad.
@DarkCode 11 months ago
Can you run this on Kali Linux? I would like to use it there.
@SayneTV 1 year ago
Man, Wazuh looks amazing :D I am thinking about using it in my SOHO and installing the agents on all of my family's machines to secure them :D Thanks for the vid!
@CottonInDerTube 5 months ago
Just had to deal with this software... and how come a security software does NOT have 2FA/MFA available (on the community edition)?
@charlesm.1638 10 months ago
This is so cool. I have a mini PC that I installed this on and will run it as my SIEM server.
@CyberJedi-ks7uc 6 months ago
Thanks so much, first video I watched by you and I completed the whole thing. I really love the incident response aspect of Wazuh.
@ideabag1325 1 year ago
Hi John. Thanks for the introduction. Nevertheless, could you please make a video in which you explain how we can monitor the outbound and inbound traffic for an agent? I want to be able to see the IP addresses, the URLs that an agent is checking and so on. Thank you.
@MichaelRoss-d1f 5 months ago
Just installed this from the OVA template file. What's confusing me is around 29:30 or so, you show Settings \ Threat Detection and you toggle VirusTotal on. The version I just got running doesn't have such a toggle. Was that removed in updated versions?
@fromACHICAL 8 months ago
Great video John, we appreciate you. Please could you take the time and do a video series on Wazuh for home networks, and one thing that I have not seen yet is Wazuh agents for Android & iOS devices.
@74Gee 1 year ago
Best video to date, and that's saying something! Really awesome!!
@DarkCode 11 months ago
How do you change the colors to purples and oranges or yellow and lime green in the font or HTML or code etc? So damn cool.
@avsuunInfoSEC3391 11 months ago
Thank you for this video, I've been looking for some way I can learn hands-on SOC skills at home. I would like to apply this to my home network. Question: can I have the service on VirtualBox and still monitor my home network? If so, what would I set the network adapter to? Thank you.
@linodepartners 1 year ago
Fantastic video John, great to see Wazuh getting the exposure it deserves!
@docdon 1 year ago
Yes, it's incredible 😍😍. Thanks for sharing 😊😊
@t288msd 11 months ago
Very informational. World record for use of the superfluous Americanism "go ahead" in one video.
@groszek7657 11 months ago
Good video. Please, please slow down a little and provide some short pauses to allow viewers to absorb information - this was 39 minutes of a machine-gun-firing-like experience, message overload. It is even worse for people whose native tongue isn't English. To be fair, if your video was 45 mins long instead of 39 it's no significant difference in length, but better message delivery plus splitting into noticeable sections would make a just-good video a phenomenally good one.
@vboutique2188 1 year ago
If you were using it for actual security, would you use it on a VM or is it better to run it directly?
@BeVisualInc 1 year ago
You killed this video!!! Got me interested in so many things all at once. Thank you brother!
@amandaa2119 1 year ago
Ooh, this sounds amazing. I am sharing with my team.
@appearnowappearlater 1 year ago
Thanks for doing this video. Also, thanks for talking at us like this. Makes it all seem more genuine and really drives the point home!
@zenmoto369 9 months ago
That's a bummer, 2024 and Wazuh doesn't support ARM. I was really excited to create a project with Wazuh, but it failed both on Parallels and VMware VMs. If anyone has a solution please share, thanks!
@MrNevado 1 year ago
Loved it. Please do more about this!
@CitizenFortress 1 year ago
In case you didn't know, Arctic Wolf is a copy of Wazuh. It's literally the SAME THING.
@JonoPadoa 1 year ago
Hey YouTube, and John :) So I am a newbie to all this and have a question which has taken me hours of trying stuff, but I can't figure it out. So I thought I would turn to the comments... uh oh! So, I have 2 Ubuntu virtual machines running in VirtualBox. I followed the process 100% and when I run both sudo systemctl status wazuh-agent AND wazuh-manager they both say running/active. But when I refresh the Wazuh dashboard it still says 0 agents? I have tried this whole process over 3 times and researched for ages but nothing is pointing me in the right direction. This is for a project I am doing as finals for a course, so any help would be greatly appreciated.
@Scienzaluis 1 year ago
Such a great demonstration. 😎
@TheLegend-td9pr 1 year ago
Kudos to you. You made it look so simple. Your virtual boxes are running faster.
@VAS.T 1 year ago
Wow, this is like having a Master Chief suit.
@mohamedabouzaenin 1 year ago
Thank you John for your efforts. Please, can you do more videos about Wazuh?
@ausrobroy1964 1 year ago
I had a little laugh at this when watching. Great video. However, when you said most of our servers are Linux I went, "oh, are they?" I have been working in the small business sector in Australia for 40-odd years and I think I could still count the number of production servers I've seen running Linux on one hand (ok, maybe that's an exaggeration, but you get the point). This seems like an awesome platform. Currently I Google how to do stuff on Linux cos I don't use it enough to remember things. However, it seems I am going to have to finally bite the bullet and learn how to set up and manage a Linux VM on my Hyper-V server... 😑
@hugeslacker 10 months ago
I hope you do make some more Wazuh videos! I just started using it at home and really like it. There's a lot to dig into!
@patrickbuswell 1 year ago
This is like 90% above my head, but it was very interesting. Thanks for sharing.
@stukash 1 year ago
Awesome. Thanks for the presentation. I think I've seen the light!!!
@slasherakos7715 1 month ago
I have only the overview in the dashboard, how can I fix this? Plz answer.
@הראלפז-ס3נ 8 months ago
Can someone help me? I installed it but can't access the dashboard, it keeps saying unable to connect. Already checked if the service is running, checked the firewall for rules. Any help?
@evelbsstudio 6 months ago
I am getting critical hits for Office 2016 and it is not installed. I am also getting hits that have no patches to correct the hits on Ubuntu, like AppArmor.
@eskurniawan 1 year ago
Is it a SIEM thingy? Or can we say that Wazuh is an alternative to SIEM tools?
@MrPigeonfeatures 1 year ago
What's the catch? I've been looking into this and it all seems too good to be true!
@shahrukh316 1 year ago
That was amazing. Looking forward to the next part
@matthewtoye4465 6 months ago
Great video. Thank you. I'm curious how relevant this software is today (in comparison to other products on the market). Thanks again, and keep on doing what you're doing.
@robinsonnunes4953 10 months ago
It is an amazing thing :) Thanks for sharing it with us. I am very excited to see more showcase videos about Wazuh from you.
@baruchben-david4196 1 year ago
Yours was an excellent presentation. Sadly, what I saw while following your instructions didn't match what you saw, starting at the "Install agent" page. Unfortunately, there wasn't enough information for me to figure out where things went wrong.
@antonioonly 1 year ago
Fantastic stuff and very insightful, and thanks for sharing. Looking forward to more open source tools for home and enterprise. 💯
@adrianstephens56 1 year ago
Small presentation tip. Move the mic to the side of your face and avoid the pops.
@trollingdirty8910 1 year ago
Built on OSSEC and doesn't scale or work well for large cloud environments with a lot of ephemeral workloads.
@54tutu8 9 months ago
24:00 Wazuh isn't just SIEM but also XDR. 25:30 Function as an antivirus?
@shabadooshabadoo4918 1 year ago
Your video seems a little backwards. Test drive it first and get me interested, then show me how to install. Now I gotta skip ahead to see how it even operates. I would do something like [preview the most interesting thing about it -> summary -> cost (or premium benefits) -> test drive -> install and other info].