Great evolution. From an OSSEC replacement as a HIDS to an all-in-one security solution (SIEM+XDR).
@nullproxyYT (2 years ago)
For everyone who's reading this, wish you an amazing day! 🔥❤
@logmantarig (2 years ago)
Thanks, you too
@igotchabrothaofficial (2 years ago)
Same to you!
@gsmzed2479 (2 years ago)
Have a great day too
@firosiam7786 (2 years ago)
Same to you, bro
@anik6393 (2 years ago)
It was a bad day mate
@DingDingPanic (2 years ago)
The new version of Wazuh no longer has ELK onboard. It has been replaced with a native search and indexing solution. The GUI is now different too. Would like to see this video redone based around the new version.
@primescope6874 (2 years ago)
Great. Looking forward to the next one in this series.
@QueenShebaCEO (1 year ago)
Thank you, this was a great breakdown of this SIEM
@plushplush7635 (2 years ago)
Very good topics with Snort and Wazuh, thanks
@sunmoon2005 (2 years ago)
Thank you so much, as always, for teaching us
@bluerewind7044 (2 years ago)
Thanks for the help!
@emaneezechiel4164 (2 years ago)
Great info, you got a new subscriber
@durgeshgupta863 (2 years ago)
Need more videos related to Wazuh SIEM
@johnvardy9559 (3 months ago)
Great, Alexis
@Hacking_vibe (2 years ago)
Please post a setup and config video, bro
@InfinitiCyberSolutions (1 year ago)
In preparation for this lab I installed and configured the Security Onion ISO. How can I use it with this lab please?
@SecurityTalent (2 years ago)
Great
@logicfirst7959 (2 years ago)
You know, in my red team/blue team engagement, the very first thing I did was to disable Beat and the Splunk UF, and the blue team was completely blind and oblivious to any attacks.
@killacups (1 year ago)
From a blue team's perspective, disabling the UF/EDR would trigger a detection right away, or if logging stops coming in.
@logicfirst7959 (1 year ago)
@killacups There hasn't been a single case in the last 10 years where a detection triggered upon killing the UF/Beat process.
@killacups (1 year ago)
Sorry, my answer was a bit more generalized. This completely depends on the environment.
@dennisTHEmenac3 (1 year ago)
Once Elastic drops their update with their own native agents, Wazuh will be useless. I've only ever used Endgame for the host agent (enterprise deployment), and if you're somehow able to kill the Endgame agent, it absolutely triggers an alert. Still can't believe Wazuh or Beats doesn't trigger on disable. That's a huge open source gap if true.
@VidarPT (2 months ago)
Does anyone know where I can get access to the rest of the series? There are 3 videos related to Wazuh on this channel, but in the description there's a link to a part 2 in all of them. Problem is the link doesn't work and the uploader seems to be gone... Thanks.
@StevieRayLou (9 months ago)
Can Wazuh 4.5.2 be installed on Debian 12? Can you make a flatpak, please?
@techclubhouse6772 (2 years ago)
I think I am first to watch this
@valeriomenghini6219 (2 years ago)
That's what we all say
@AbdulWahid-ig6ep (2 years ago)
No setup video?
@tshakh9345 (1 year ago)
Does someone know how to change the IP address of Wazuh after installation?
@sodarakaing1997 (2 years ago)
Does Wazuh support app logs?
@felixbecker5591 (2 years ago)
No, but Filebeat does
@Born_rebel1992 (1 year ago)
Yes, it supports integration of app logs.
@goodboy-mn2qp (2 months ago)
Great information ❤️❤️🤍
@cagoaustine7194 (8 months ago)
Please sir, can you make us a video on Pegasus?
@bibeksubedi9245 (2 years ago)
Nice. First of all, make an Elasticsearch video. There is a video missing because you jump directly to Wazuh.
@PetritK10 (2 years ago)
What's the difference between Wazuh and Splunk?
@felixbecker5591 (2 years ago)
They are different products for logging. If you look into the price lists, you will see the difference 😂
@Born_rebel1992 (1 year ago)
By using Wazuh you will reduce the size of the logs which you are sending to Splunk. You can use Wazuh as a filter for sending important logs to Splunk.
@ramsaidupati1781 (2 years ago)
👋👍
@georgesherpa (2 years ago)
Isn't Wazuh EDR/XDR? Is it just a SIEM?
@felixbecker5591 (2 years ago)
It's EDR/XDR, yes. But in combination with ELK it could be used as a SIEM. But I think there are still a lot of missing functionalities.
@chandraprakashntc (2 years ago)
Need Hive and S3 bucket integration videos too
@Born_rebel1992 (1 year ago)
There is a video on YouTube for S3 bucket integration with Wazuh
@dr.thulaganyorabogadi8596 (4 months ago)
Monitoring non-Wazuh devices
@romeomungiu2932 (2 years ago)
A lot is still missing; the engine at the base is still OSSEC with a "signature based type of rules". Too many correlation capabilities are missing to call it a SIEM. Of course, better than nothing, but still, calling it a SIEM is misleading.
@javimed9669 (1 year ago)
Hi. Wazuh provides threat prevention, detection, and response capabilities and helps with regulatory compliance. It collects logs from disparate sources and analyzes the security events in near real time. It also considers historical and contextual data, allowing incident management. It has useful dashboards and reporting capabilities. Wazuh is indeed a complete SIEM + XDR platform. Perhaps you would like to discuss particular features you don't find in the product? What are the missing correlation capabilities? Thank you.