Threat Detection & Active Response With Wazuh

Views: 109,278

HackerSploit

1 day ago

Comments: 56
@ghsinfosec 2 years ago
Fantastic series! It's awesome that your Ubuntu instance was actively being attacked while you were making this video. That really demonstrates the value of a SIEM and also highlights the fact that attackers are always trying something. Thanks for the videos!
@edmunek 3 months ago
No it doesn't. Any SSH exposed to the public will instantly have these.
@frankyz 2 years ago
Great video! I did not realize Wazuh can configure an action to add an active response rule. Thank you for the content! I learned a lot.
@cheebadigga4092 2 years ago
This channel is a goldmine! Thank you for all your time and effort!!
@mrkmdz 1 year ago
I think this is one of your better how-to videos. The real attack and watching how you used Wazuh to gather details and invoke a basic defense definitely added to what otherwise would have been a rather boring walk-through of the installation and capabilities.
@robertungureanu4660 2 years ago
Came across your videos a month ago and won't stop until I see ALL of them. But what really cranked me up here was hearing how PUMPED up you were when you saw it's a real(-time) attack. Gold. :) Thanks for the awesome videos. PLEASE keep doing them.
@chaitanyakhairnar6352 2 years ago
Thank you for creating this awesome content. Glad to see those real-time attack surface and mitigation techniques. You are doing a great job Alexis ❤🙌
@cyberSec00xf 2 years ago
One of the best infosec experts..🙏
@user2200-t5z 2 months ago
Thanks mate for this wonderful series.
@QuantumNaut 2 years ago
Nice walkthrough. I am learning Security Onion in school and noticed Wazuh is part of it.
@nbctcp3450 1 year ago
Between them, which one is better and easier?
@QuantumNaut 1 year ago
@@nbctcp3450 Security Onion is pretty easy to use, so I would say that one, but probably because I've used it more than Wazuh shown in the video.
@nbctcp3450 1 year ago
@@QuantumNaut I tried Security Onion last night. The problems were: 1. I can't pull it as a Docker image. 2. The ISO size is big, 8GB, and 6GB of it is the Docker repository. I can't find how to install SO in Docker. If you have one please let me know.
@ShortsGFX 1 year ago
It is a very knowledgeable video for those who are Wazuh SIEM administrators. Thanks HS
@SxMT 1 year ago
Great video. Loved the demo with adding some active defense.
@guerzizeb 2 years ago
Thank you very much, very interesting content, especially with that unexpected brute force attack. A real case.
@mfernandes8945 1 year ago
This video has been so useful! The one question I have is how to build a set of rules that can be built into the solution **before** moving a server into production. To me, that would seem to be better than trying to deal with problems as they happen.
@naseebullah4957 2 years ago
Hello, thanks for the detailed video on Wazuh! Could you please cover the correlation part also?
@PrabhatKumar-tk8oy 2 years ago
Hey bro, all your videos are very informative... Can you please make a video on the DArknet chip (how it is used)?
@milankukic9518 4 months ago
Simply awesome! 😀
@tamalnaskar4080 2 years ago
Thank you for this kind of knowledge video, we want more about it please sir..... and your voice is more magical
@lawhousekolkata 6 months ago
Nice video... Can you make another video on how to create rules and dashboards, and how to get logs from L3 routers?
@abedzaben 1 year ago
Thanks for the great video. Is there an option to add some kind of logic to the active responses? For example, block the IP address only after 5 or 10 failed attempts?
@Lsecqt 2 years ago
Really informative, thank you!
@christojojo6590 1 year ago
When we set the rule to prevent the brute force attack, is that rule for all the traffic from the external network?
@faizfredo8296 2 years ago
How can we integrate TheHive with Wazuh? Please make a video.
@arnabkoley8864 1 year ago
Very informative video on Wazuh Active Response
@happyked 2 years ago
Are there any ways of getting the active response to block IPs in a firewall appliance instead of the host firewall?
@andrewhughes459 2 years ago
Yes, you can actually write your own scripts that execute as the active response to an alert. The location XML tag that he used specifies if the response is run on the agent machine or the Wazuh server, so you can specify where to run the script in response.
@ChapalPuteh_ 1 year ago
Great! Very fruitful … 🤓
@nishadbabu8130 4 months ago
Your link does not work. I want to join your part 2 series. How can I join?
@noname54 1 year ago
How can you install the Wazuh agent on the Wazuh server? I would like to monitor the actual server for attacks since it's public facing. Thanks for the videos, please create more with live attacks.
@leninagoras 11 months ago
Wazuh-manager monitors itself.
@luiscarbajal5287 1 year ago
Hello, question: at min 24:29, the "Check Wazuh API connection" error. How did you fix it?
@drmikeyg 2 years ago
I noticed when you deployed the Linux server on Linode, you did not set up ufw or fail2ban on the Linux server. If ufw and f2b are set up, will that affect Wazuh performance?
@Kk-rr2sb 2 years ago
Bro, is there any chance to watch your videos with a dark theme enabled from the application, or if this is not an option, to use the "Dark Reader" addon for browsers? It would be great if this is possible.
@M_IZAN 2 years ago
What is your operating system name?💜💜
@edmunek 3 months ago
@15:05 - wow... shocking. Someone is brute forcing a server with SSH opened to the public? No way!!! That is sooooo shocking, in all honesty - man - just stop...
@farhamandkhan 2 years ago
Does it help in stopping a DoS attack on port 443?
@javimed9669 2 years ago
Wazuh has built-in rules to correlate multiple authentication failure events and identify brute force and DDoS attacks. But you can also create your own rules to detect specific attacks. The Wazuh active response capability acts on detection of an attack and can block the attacker's IP. Also, if you have a tool to detect DDoS attacks, you can make Wazuh read its logs and trigger alerts and an active response. Join the Wazuh community to get further answers.
@farhamandkhan 2 years ago
@@javimed9669 Thanks👍
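As an added example (not configuration shown in the video, nor from any commenter), the following ties together three threads above: @abedzaben's question about blocking only after N failed attempts, @andrewhughes459's point about the `<location>` tag, and @javimed9669's note that Wazuh correlates authentication failures before acting. The custom rule goes in `local_rules.xml` on the manager and fires only after 5 sshd authentication failures (built-in rule 5716, "sshd: authentication failed") from the same source IP within 120 seconds; the active-response stanza in `ossec.conf` then runs the stock `firewall-drop` script on the agent that raised the alert and lifts the block after 600 seconds. The rule id 100100, the 5/120/600 thresholds and the group name are assumptions chosen for this example; Wazuh's built-in correlation rules already cover the same pattern with their own thresholds, so this simply makes the threshold explicit and scopes the response to one rule instead of every alert at a given level.

```xml
<!-- File 1: /var/ossec/etc/rules/local_rules.xml on the Wazuh manager.
     Custom rule ids must be >= 100000; 100100 is an assumed, unused id.
     frequency/timeframe count prior matches of rule 5716, and
     same_source_ip restricts the count to one attacking address, so a
     block only ever applies to the IP that exceeded the threshold, not to
     all external traffic. -->
<group name="local,sshd,authentication_failures,">
  <rule id="100100" level="10" frequency="5" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip/>
    <description>sshd: 5 authentication failures from the same source IP within 2 minutes</description>
    <group>brute_force,</group>
  </rule>
</group>

<!-- File 2: fragment for /var/ossec/etc/ossec.conf on the Wazuh manager.
     The command entry names the firewall-drop script shipped with the
     agent; timeout_allowed must be "yes" or the timeout below is ignored
     and the drop becomes permanent. -->
<ossec_config>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <disabled>no</disabled>
    <command>firewall-drop</command>
    <!-- local  = run on the agent whose log produced the alert
         server = run on the manager itself
         Use rules_id (not level) so unrelated level-10 alerts never trigger a block. -->
    <location>local</location>
    <rules_id>100100</rules_id>
    <!-- seconds until the agent runs the script again with "delete" to lift the block -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Restart the manager (`systemctl restart wazuh-manager`) after editing both files. Before relying on it, feed a few sshd "authentication failed" lines through `/var/ossec/bin/wazuh-logtest` to confirm the fifth one within the window matches 100100 rather than only 5716, and check `/var/ossec/logs/active-responses.log` on the agent for the add and, 600 seconds later, the delete entry. Keep an allow-list in mind: a mistyped password from an admin host five times in two minutes is enough to lock that host out for ten minutes, so pair a rule like this with a `<white_list>` entry for management addresses in `ossec.conf`.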
@ianagung6886 2 years ago
There is Bandung on the geolocation, wow
@aessi2746 2 years ago
I can't run Wazuh on Windows 7 for some reason. I have tried different versions but it still doesn't work. Any guides?
@javimed9669 2 years ago
Hi. Once you've installed the central components on your Linux server, you can install a Wazuh agent on your Windows 7 endpoint following the "Installing Wazuh agents on Windows systems" guide on the Wazuh documentation site. Join the Wazuh community to get full answers.
@fsdaaffa 1 year ago
I'm from Kenya and I really don't think the attacker was from Kenya 😂 Great series
@toddeHB_GW 1 year ago
Please.... Never SSH with root. Basic rule 🙏
@moarimrharn 1 year ago
Ubuntu is not operative. Alpine Linux is mine.
@edmunek 3 months ago
Reaching 27 minutes into this video and I can already tell that the author is literally crawling in the fog here. What a waste of time watching this video... that active response you created... No words, man. Why would you think it is a good idea to create such a firewall drop for a 1000 timeout? So many better ways to handle this, yet you went for something so illogical.
@minimalny30 2 years ago
Katarzyna means „Kate” in Polish 😅
@manishhr4450 2 years ago
Please continue with web app penetration
@devurien 2 years ago
Katarzyna - Polish female name ;-).
@HackerSploit 2 years ago
Thank you for letting me know. Unfortunately I butchered the pronunciation.
@devurien 2 years ago
@@HackerSploit Everything was perfect, like you and your channel. I saw many Polish names and surnames in your video. But the attacker IPs were from China. This is interesting regardless of what is happening in Ukraine, and how Poles help refugees from Ukraine. It may be naive but it is interesting.
@abofan29 2 years ago
First
@shokuinstaff7666 2 years ago
Indonesia is there too, dude