Wazuh Install - Worlds Best OpenSource EDR!

Рет қаралды 31,363

Taylor Walton

Күн бұрын

Пікірлер: 40

@adilhashmi7608 2 ай бұрын

huge fan of you mahnn !!

@vinayvinni9757 2 жыл бұрын

Fan of your work from india😃

@АллаГромовая 2 жыл бұрын

Thanks for great mood

@nopromises884 2 жыл бұрын

i am deploy wazuh manager graylog successfully i can see data in grafana but i cant see wazuh dashboard security event and and other alert from from wazuh .is there any way to see both dashboard wazuh and grafana?

@lupeadorin4282 10 ай бұрын

Did you find any way to resolve this issue?

@VahanTorosyan-f4n Жыл бұрын

In case if someone has the issue with error "Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section]." when try to see received messages (16:27), you needed to remove this from the Opensearch config file: compatibility.override_main_response_version: true (or just comment) and restart wazuh-dashboard and graylog-server

@joelnicholasfrancis2700 Жыл бұрын

It gives me the same error

@mcastill3 Жыл бұрын

Same error for me

@МаксимКиселёв-б9з Жыл бұрын

I also encountered the same problem, deleted the required line from opensearch.yml, did systemctl restart graylog-server, but still Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section].

@ArmAikido Жыл бұрын

The problem can be solved by installing Graylog 5.0 with MongoDB 6.0

@NareshKumar-hw4nl Жыл бұрын

hi Please comment out the line under /etc/wazuh-indexer/opensearch.yml #compatibility.override_main_response_version: true This worked for me. i got same error even after installing Gralog 5.0 and mongoDb 6.0

@krosstty 10 ай бұрын

Hi, thanks a lot for your great content. It´s possible to help me with follow issue: [Alerts index pattern] No template found for the selected index-pattern title [wazuh-alerts-*]

@hydradragonantivirus 9 ай бұрын

How to compile it?

@surathwalpita 7 ай бұрын

While retrieving data for this widget, the following error(s) occurred: Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section]. Why I'm having this error ?

@Carbon367 7 ай бұрын

Have the same problem sadly. Did you find a fix?

@surathwalpita 6 ай бұрын

@@Carbon367 no.. Is there any fix @Taylor Walton

@surathwalpita 6 ай бұрын

@@Carbon367 hey dude! now it's working. Use everything, he uses. If versions get mismatch this will happen. Use OpenSearch 1.3. Currently Graylog supports up to OpenSearch 1.3. If your using OpenSearch higher versions Graylog will crash.

@Carbon367 6 ай бұрын

@@surathwalpita Hey! Thank you very much for letting me know. I will try it out. Have a good one! :)

@RatanGupta-l4e 6 ай бұрын

@@surathwalpita Hi, I've followed the tutorial as is, and I've only used commands from the blog post. I'm still getting this error, and just figured out that I am running opensearch v 2.10. It might be a silly question, but how do I downgrade to 1.3 cleanly so as to not effect anything else? Would be grateful for your help, thank you!

@photondoh5384 2 жыл бұрын

I wish wazuh had iso 27001 compliance dashboard.

@jarmandog8372 2 жыл бұрын

That'd be amazing, maybe a custom dashboard? That's a great idea

@jig270 Жыл бұрын

it has i think nist ,you can compare nist and is027001 fro their site and use it.

@ArmAikido Жыл бұрын

One question. Finally, is this entire series about EDR or SIEM?

@DM-gp6pd 2 жыл бұрын

Super informative and practical series. But can you please uncover one topic about efficient way of transferring sysmon for linux events from endpoints to backend systems. Because they are stored in XML format and it's not so obvious which forwarders and options should be used.

@taylorwalton_socfortress 2 жыл бұрын

Checkout the decoder video:) Decoding Linux For Sysmon - Learn How To Ingest Sysmon For Linux Alerts into Wazuh kzbin.info/www/bejne/r2auYqOZqauil9k

@amruth1936 Жыл бұрын

Hi Bro, I followed all your steps . regarding wazuh * and graylog. now i am unable to assign a group to wazuh agent . Please guid me

@amruth1936 Жыл бұрын

error is - Assign the agent to a group This section could not be configured because you do not have permission to read groups.

@iammodibhakth Жыл бұрын

@taylorwalton_socfortress

@SiberKost Жыл бұрын

you are very genius and cool buddy

@gcurz1560 6 ай бұрын

Thankyou

@pragmatickaos852 9 ай бұрын

I don't understand why Graylog is in the picture. You're already using Fluent Bit, which can already do all the filtering and renaming and much more. It can even integrate with GeoLite2 IP geolocation. I decided not to install Graylog.