Wazuh founder here. I love the video! Thank you Chuck. Currently our team, in collaboration with our users community, is working on improving Wazuh, making it easier to use and more capable. We are motivated to create a quality, free, and open-source alternative to the prevalent commercial solutions. Indeed, we want to help democratize access to these kinds of security products.

For those who are following this recently there are a few differences but if you're struggling to talk to your manager you need to check the iptables on your managment box. Opening an input rule for ports 1514 and 1515 on your managment box is needed for your machine to communicate with it. Running both - sudo iptables -I INPUT -m tcp -p tcp --dport 1515 -j ACCEPT sudo iptables -I INPUT -m tcp -p tcp --dport 1514 -j ACCEPT will allow you to establish a connection.

Security Professional here! Awesome video Chuck!! Any newer security analysts, do this lab and continue to monitor and work with this tool!! If I saw this lab on your resume your application would be at the top. These are real world skills you will use daily working in a Security Operations Center. I have been sending this video to any junior analysts I know. Thank you again Chuck for the great content!! Would love to see more blue team content like this!

Thank You Chuck ... :) A year ago, when I first saw your channel, you became my inspiration to change my life. I changed my career and since June 2023 I have been working in IT :) Great channel keep it up :) You're doing a great job!

We need more self hosted security and blue team content.

Dude, you're the best! As a hardcore dev of over 15 years who ended up moving into business / tech strategy role and then returning to hands-on tech both as a fun hobby as well to fulfill a practical need to remain current with the detail to be effective in my job, your videos and topic range tick all the boxes. You've mastered the art of both providing sufficient depth and explanation at speed so as not frustrate viewers like me that often eyeroll at videos speaking at the "noob" level, while also being equally helpful to those learning for the first time that are noobs. Love the content, depth, pace, and wide range of topics. Keep it up, if you don't have one already, NUMBER ONE FAN, RIGHT HERE!!

Just a hint, instead of manually changing configuration on each host, its better to use shared configuration in the admin console. You can make groups out of agents and apply taht shared config to specific groups. Much easier to do it once than changing for example 200 config files or making script for AD to copy that config file.

Security Engineer here, great content on this video. I've been working with wazuh for quite some time now, and it's amazing how you can create your own rules, decoders, and custom integrations. Wazuh is a beast once you dedicate the time

Hey Chuck! I know you'll never read this, however, you should try spinning up a Security Onion VM in your internal lab/farm and check it out. Wazuh is just ONE of that many SIEM apps/utilities included. It could make for a lot of quality content if you did a brief "intro/overview" on each of the apps (Playbook, FleetDM, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, Zeek, and ofc Wazuh). For your followers interested in SOC Analyst/Cybersecurity, this would be a great taste of reality for those perusing that career path. Yes it's open source (free). Just an idea.

Thank you Chuck! I work for a security company that sells a SIEM product, but my access is very limited, and information is not shared (security people tend to be tight lipped). With Wazuh I can finally try out these concepts without limitations, and learn the terminology so that I'm speaking the same language as the engineers I work with. Wazah will be going on a spare NUC this weekend, so thanks for giving me something to do this weekend!

If you're only monitoring a small number of client systems, the $5/month Linode should work just fine. However, you have to create and mount additional swap space (swapfile in this case is easiest). Obviously not recommended for a production environment, but works fine for a home lab.

Everytime you say Wazuh, it makes me think about that term "WAAAAAZUP!!" I'm currently attending a Cyber Security School and I just went through a module that taught about this application. Thanks for setting it up Chuck. Knowledge can't be used unless its applied to a real world scenario.

Hey Chuck, I know chances of you reading this are pretty slim. However, I wanted to stop by and pay my respects. Because of you and your videos I was able to pull myself of a very dark place. After long hours and hard work, I passed the security + today. Thank you for the videos.

Installation went perfectly fine and what a useful tool indeed! Thank you. I have to add that your channel is great and very practically useful so please keep up the good job.

As always, great blend of amazing content, information and entertainment. Keep up the great work!

Senior dev lead for one of the Gartner SIEM vendor's here for the past 25 years. We always pronounced it "SIM" internally, but ya, it is also called "SEEM" in the industry.

Hell yes, you did it! :P I started with Wazuh two years ago and implemented it in my business. Currently, I'm using the default Wazuh ruleset, and I've written around 200,000 rules, I guess. But anyway, getting alerts is a nice-to-have, and not logging everything is the best you can do. However, the almighty kill feature is the FIM Module and the active response. The Active Response will handle the firewall drop and block brute force attempts by itself. I configured the FIM module on a folder, let's say /root/fim_auto_ansible, and there is a cronjob that downloads the new version of auditd/rules.d daily. The FIM will only trigger the alert when the File-SHA is different. With a local_rule, you can trigger an ansible-playbook command that copies the new rule.d file to all servers and shows you the changes on the Wazuh dashboard in the alert log. I enjoy experimenting with some exciting configurations and rebuilding some stuff. I use OpenSearch to send the logs from the Wazuh-manager, first with Fluent-bit to Graylog in a JSON format. If you are using Wazuh with different tools and operating systems, you need to normalize the fields from a log to get better and faster searches. But this is really a deep dive into it. Keep up the great work!

As a cybersecurity content creator, it's essential to emphasize the significance of free and open-source solutions, while also raising awareness about the potential risks they may pose to your data and network security if not managed properly.

I love your passion, drive, and energy to post great informative videos. I started my internship for a cybersecurity company, and or last assignment was to install some type of file integrity monitoring program or an IDS on a Linux VM. Using Rocky-Linux, I successfully setup OSSEC, which does both (IDS and File Integrity Monitoring) and then also installed Watchdog. It was a challenge to get the repos, but it works like a champ. This would have been so much easier to setup and it would give me SIEM experience in the process. Thank You NetworkChuck!!!!

I utilize Tenable at work, very similar to this. Was looking for a good lightweight home lab alternative and this is very helpful. . . will definitely be tinkering around with this.

Dude, I have to say, you never fail me bro. It doesnt matter what cyber question i have, you have a video for it. I found this one in a frantic rush to find a SIEM i could use for a proof of concept for the course I am studying and it was AMAZING! Easy to set up thanks to your walkthrough but also the run down on config, so helpful and will be so good to learn the ins and outs of blue team and defense. So, thank you mate, really appreciate your work!

Akamai and Linode is the best of two worlds. I'm so happy that they are together now.

Chuck look like my Grandpa wearing those glasses 😂

🎉 Well, in my corporation i am in no way close to the security team, but WOW! a) I learned what another paid tool in my corp does. b) a friend has a one man IT business for small business services, I helped him at minor networking issues above his standard levels. I told him that one growing customer would soon require higher security standards. This opens whole worlds of possibilities for his business and his customers. Got hit with health issues, but I can see multiple business opportunities rising up to me. And aside wazuh, network chuck, your lessons keep me watching closely where other courses soon get boring. ❤ 😮 awesome, thank you 🎉

Thanks man! I have several tools at work comparable to Wazuh, but I was looking for a vulnerability scanner... this looks great! I appreciate the time you're taking to research and prepare these kind of videos. Keep it up!

The coffee and personal cam video editing for audio coherence is top notch. ALVIIIN!!!

Hey Chuck, great video!! For those folks who do not have time to maintain a SIEM, how would you compare Wazuh to something like Blumira??

Dude good looks! I set the indexer, server, and manager up in WSL2 then installed the client in my win11 host and enabled vulnerability detection which was able to find 2 critical vulnerabilities in my system including one that was arbitrary code execution!! You may have saved my homelab. I’m now vulnerability free

That was an excellent tutorial. Have watched multiple Wazuh deployment videos and none of the ones I watched went into this much detail. I am not big into deploying anything on cloud infrastructure but I can see myself using all of the techniques you demonstrated. I would love to see the same level of tutorial for deploying Security Onion. Great job and thanks for so much knowledge shared over the years.

Oh my gosh. I didn't realize this existed. I have been fighting with the self hosted ELK stack and standalone OSSEC agent for literally months and did not realize that is what this is, all packaged for me.

Hey *Metaspyclub* what an amazing work this has been and with all the crazy detection that you guys make possible. You guys take hacking to a whole new level and get the job done ASAP!!! I'm wondering what are all your personal qualifications?I don't think that it was ever mentioned before.

I wazuh going to say nothing at first but the enthusiasm @20:12 was so palpable. 😆😂

Great addition to my home lab, thank you

NOC engineer here from Sri Lanka - Thanks Chuck !!! love this video

Is it better than logrythm, arcsight, elastic/elk, splunk?

I reckon Chuck is dosing only the purest speed in those coffee mugs. A true GOAT

This is awesome chuck! One thing I need a follow up on is how in the hell do you change the default login password? The Documentation on this is not very clear at all. Also why do they include a password "Change" option if it does not work. lol

Thanks Chuck!! Love your vids! Been away for a bit. Eventually though, I will be jumping into some things, such as installing my pf sense. Once I get into it I will binge your videos. Priceless KZbin tech info. Thanks a lot!

Always a pleasure to watch your videos! You're so knowledgeable and not condescending. Keep up the good work!

How much data is Wazuh collecting on their "free customers"??

Normally I don't watch such long videos, but this one was watched from beginning until end ;-) Thanks for it!

Excellent video. I recently setup a Wazuh server at home and have several clients, both physical and virtual. It's remarkably easy to setup and so powerful. I still have much to learn and you taught me a few things in this video.

Can you please stop changing camera angles and pans/zooms every 5 seconds? I don't mind it when you do, but you do it so frequently it's hard to watch.

As an elastic engineer, it is nice to see the many ways our stuff is used. Good job, Wazuh.

I’ve been wondering why nobody is strongly advocating for Wazuh since it’s free. I’m happy that you posted this on your channel, been using it for about a year now…. 1 word, AMAZING!

Hi Chuck. This is probably one of the best you've done yet. Keep up the great work!

We love Network Chuck and Coffee !!!!!! One of the best and must watch channels

I have been watching your content since I was in grade 6 and to be honest you've played a mojor role in my wellbeing in this crazy tech world...your content is really amazing 💯

Sound like Mr. Chuck had a few brewskies before his coffee!!! LOL Great video non-the-less, as usual. Been watching you for years.

I went and bought a simple 200 dollar HP refurbish to run this, in order to watch my Windows and Linux machines, this is truly a great product! Setup was a cake walk, I went Docker so I could keep on prem, but what a great addition to a home lab!

Thank you Chuck for taking the time to make this video. this is very cool.

Really appreciate this guide! I’m working on setting up my hardware wallet as a miner and sharing my progress on my channel. Keep it up!

Network chuck is the man for many reasons, but what puts him over the top is that he drinks his coffee black! Like it should be. Respect sir🤝

Good stuff. Wazuh has been popping off lately and that is definitely something nice to see!

Man i was just planning on deploying wazuh and practice using it to get a job in wazuh lol this video comes in the perfect time

I love these videos! I can feel the excitement every time NtChuck gets excited. hahaha

I've started to follow you a week ago and I really enjoy your videos, including this one! Thanks a lot to bring us some information about security as well as a great tool like Wazuh, great job Chuck!

Just got this running on my home network. It monitors itself, my desktop and my laptop as of right now. This is brilliant.

This is awesome!! I just got done playing around with it for about 15 hours! I used their documentation to integrate nmap scans into the manager. Unfortunately, no luck yet. I'm gonna go sleep now lol

You weren't kidding, extremely cool stuff, I'm for sure going to set this up this weekend or the next.

After just watching your video i I have implemented the wazuh on my organisation Thankyou bro Do more videos on free open source tools

This is sick, can't believe I didn't know about it sooner! This is going to be a must from now on for my home and business servers.

It was amazing. Very very useful. Me and my son have learned many many technical things from your KZbin channel. Thanks a lot. This tool I have started using in windows environment. I want to do it on virtual machine. OVA .

I was thiking in what to do either Ossec or wazuh. After this I'm setting wazuh for sure. Great video.

Thanks!

It was fantastic. Cannot wait to stand up the wazuh server for my 200+ server environments. Hopefully it will not scare me with millions of vulnerabilities.... Thank you Chuck!

My brother died and your videos entertained me keep it up.

Chuck, you are the WIlliam Shatner of networking. Awesome show.

Chuck, I literally spend half of my day 2day setting up a ELK stack with Windows integration! This video just save my week ❤

I discovered Wazuh about 6 months ago. It is one of the most awesome pieces of software I've ever come across. Their documentation is great. And their tech support is incredible. Not the Slack channel so much, but the Google Groups. They've helped me so much with decoders/rules/alerts/active response and more. It all just blows my mind!

Absolutely enjoyed this video! I setup my own Wazuh Server running on CentOS previously; However, your tutorial has been instrumental on setting up my Wazuh to monitor my environment. The Active Response was something I was not even tracking on previously and can be a huge time saver in configuring your webservers to do exactly what you can do in Wazuh (e.g., blocking logon attempts). Definitely bookmarking this video as I work on that portion and other configurations. Waiting for Wazuh to implement support for running vulnerability scans on Amazon Linux 2023 servers, hopefully I can turn that on soon! Thanks Chuck!

wow this is amazing!!! please do more shaky video effects when you're drinking coffee. my kids love it.. actually i do too!

Could watch your videos all day so lively

This actually pretty good solution for SIEM monitoring because we have multiple Windows BI tools environment in Azure, and sometimes we need to know what the developer did to fix the issue on prod and non-prod so the next guy shouldn't have any problem tracking down what the previous guy were doing to fix the issue

I thought when I have seen it minutes earlier: a SIEM tool? Yes! Second thought: Is it Wazuh? Also Yes!!!

As always @NetworkChuck this is awesome. Thank you for this. I will be testing this soon and then deploying it to all my virtual machines and client desktops that I manage. One thing I may suggest though and I will try to see if it works in this case; no punching a port through the firewall and instead using Cloudflare tunnel to access everything that is needed. Now if this works, it will be even more secure and no machine will be connecting back to the real server location. This is of course only good for those doing on-prem installs.

Hey Chuck, I would like to thank you for every video about hacking. I am about to start as a cybersecurity analist junior. you motivated and inspired me. through this channel I have learned everything about hacking, I have followed your advises and put it in practice.Be blessed Chuck !

Using it in my home lab/on my computers for almost 2 years now, so pleased with it! 🙂

I love your videos bro, freaking awesome every single one of them!! - Im deploying this tonight thank brother, I am starting a cyber analyst job in two weeks, and your videos have helped me gain amazing skills over this last year

Due to having seen a lot in the past 25 years in IT, not much impresses me anymore. Wazuh however does! I know you just scratched the surface of it, but DAMN this is impressive!

Great vid Chuck. As a Vulnerability Management engineer, I must say this has empowered me with great knowledge. 🙏

duuude! Love your vids, man! absolutely share your excitement in this stuff! Learning a ton!

Great Tool Chuck! Thanks for the new knowledge for this Wazuh. I will try this right now and have some tinkering on it. thanks again!

Thank you for sharing your ideas on top of the primary subject matter along with your humor and charm. I feel like your videos help with memory retention just because they are so fun to watch

I just love it to get to know these tools. Those Videos are just amazing

This is insane. You are genius. This is going to elevate my company. Wow. 😱

Chuck, you'll always have a spot in my feed, your jokes are beautiful and I wouldn't have you any different. Gracias

Thanks!

Shout out from Dallas, buddy! Awesome videos!

This is incredibly useful, thank you for making a video about this! I'll make sure to install this on my server tomorrow.

this is a very informative video. Can't wait to have my own wazuh installed and running. thanks Chuck. More power.

This has helped me out soooooo much and my cyber security confidence has went through the roof thank you again for this amazing video!!!!

Got logged in using the default credentials and the first thing you do is add clients? What about changing that default password? Great video. We need more FOSS security tools and tutorials.

I've had great experiences working with Wazuh. I thought it was interesting that you referred to it as a SIEM, which is correct, but I've always (or at least for the past couple of years) as XDR or EDR. The agent is so good and you can do so much with it. Security Onion includes this as one of the agents they work with, but I was so impressed with the web GUI native to Wazuh, I chose to just use that. Thanks again Chuck for adding to my home lab todo list.

I haven't been so hyped to install a new machine in a looooong time! Time to drag out a dust-gathering desktop PC and start playing!

DUDE! This was awesome! Thank you for going through this. I know several people that are going to love this!

Do you think the Wazuh agents can happily run along side Palo Alto’s Cortex XDR without causing any performance degradation?

Dude I love your videos. Big fan! Thanks for all the help these past months in setting up my home lab!

Chuck at it again!!!! This is amazing!!!!

I have a passion for cybersecurity and I never knew it. Thanks for showing me the basics 😊