set it up and do an adversary simulation on it!

Yes!!!

@Federico Pacher Not really, he touches on Wazuh a little but then bounces to another product, then to another product, then to another product and is not connecting it all together. So looking at the initial map of things, if you do this complete setup you will have many different things that can all do the same thing, so the whole presentation needs to be clarified because right now it is just clutter AND we don't get any responses to questions!

@@quikmcw so using all these in cooperation would be repetitive? or is it just that its difficult to set up all these together. Ive only been learning cybersecurity for a couple months and trying to learn blue teaming any advice while setting this SIEM stack up.

@@gstella2804you need to watch the series of these videos and figure it all out to understand what they are doing.

@gstella2804 Check out kali purple "soc in a box" project. it uses similar components as discussed here and also lists the hardware requirements. SO much learning there.

Yes but not likely on the same machine. You would need 64GB Ram and 3-5- terra drive of space for the whole project . You would likely want to run this across 2-3 devices or one very hefty machine with the requirements to run all this.

He doesn't like Kibana for visualizations he prefers Grafana. Likewise he prefers Wazuh agents for EDR instead of Beats.

Maybe because it sucks? :) ... I mean I'm testing it with Wazuh but Kibana is just so blantantly engieneered past the needs of usefull UI ... and if you ever had an Elastic Cluster fail ... good luck trying to recover it. It's just a pain in the ass to repair ... in the end I prefer OSSEC before it was turned in that Chutuhulu based Monster chained to the ELK stack if you ask me.

In theory yes. Main issue you will start to see is possibly bottlenecking on the log forwarding from the event collector. i.e. You have 100 servers/workstations sending 50 events per sec to the WEC, the WEC is then responsible for forwarding 5000 events per sec to wazuh (you can see how this scales if you extrapolate that out). Also wazuh has the ability to do detection and remediation, so it makes sense to install the agent on each host.

@@octavian15202 So when would you actually use WEC? Is it just a Wazug thing? I've seen a lot of recommendations for deploying a WEC in large environments so you don't have to deploy another agent on all machines

@@getoutmore I would say that's going to be dependent on your business case. If you want to make use of the EDR components of wazuh, you will want to put it on all systems as an agent. If you don't want to use the EDR components, then you could install in on the WEC, you will just need to be sure the agent forwarding from the WEC can figure out the original host that sent the events.

Google.

@@Gunz_andweed ChatGPT > Google

Why would you watch and comment this video for if you prefer to pay licensing for some proprietary/closed source solution? Nonsense to say the least.

@@FabioVascoGomes i like your open mindedness

@@DominiqueVocat Be open about it and make a video showing all the good things the other tools you know can do it. Explain, with details, why they are better then the open source alternatives. While you're at it, check other open source solutions as well, maybe there are even better options out there, not covered in this video. This is a channel that focus on open source tools, why would someone talk about proprietary software here? I respect your opinion, but you're not doing any good here. Not for you and not for the owner or the viewers of this channel. Think about it.

@@FabioVascoGomes Everyone is entitled to express their views. Perhaps a lot of individuals aren't even aware that employing the Cribl solution will allow them to lower their Splunk costs. Just a different point of view.

No its not. Sim sounds stoopid. Say Seem.