Introduction To Wazuh SIEM

119,369 views

HackerSploit


Comments: 53
@securehcid5651 2 years ago
Great evolution. From an OSSEC replacement as HIDS to an all-in-one security solution (SIEM+XDR).
@nullproxyYT 2 years ago
For everyone who's reading this, wish you an amazing day! 🔥❤
@logmantarig 2 years ago
Thanks, you too
@igotchabrothaofficial 2 years ago
Same to you!
@gsmzed2479 2 years ago
Have a great day too
@firosiam7786 2 years ago
Same to you, bro
@anik6393 2 years ago
It was a bad day, mate
@DingDingPanic 2 years ago
The new version of Wazuh no longer has ELK onboard. It has been replaced with a native search and indexing solution. The GUI is now different too. Would like to see this video redone based around the new version.
@primescope6874 2 years ago
Great. Looking forward to the next one in this series.
@QueenShebaCEO 1 year ago
Thank you, this was a great breakdown of this SIEM
@plushplush7635 2 years ago
Very good topics with Snort and Wazuh, thanks
@sunmoon2005 2 years ago
Thank you so much as you do for teaching us
@bluerewind7044 2 years ago
Thanks for the help!
@emaneezechiel4164 2 years ago
Great info, you got a new subscriber
@durgeshgupta863 2 years ago
Need more videos related to Wazuh SIEM
@johnvardy9559 3 months ago
Great, Alexis
@Hacking_vibe 2 years ago
Please post a setup and config video, bro
@InfinitiCyberSolutions 1 year ago
In preparation for this lab I installed and configured the Security Onion iso. How can I use it with this lab please?
@SecurityTalent 2 years ago
Great
@logicfirst7959 2 years ago
You know, in my red team/blue team engagement, the very first thing I did was to disable beat and Splunk UF, and blue team was completely blind and oblivious of any attacks.
@killacups 1 year ago
From a blue team's perspective, disabling of UF/EDR would trigger a detection right away. Or, if logging stops coming in.
@logicfirst7959 1 year ago
@killacups There hasn't been a single case in the last 10 years when detection triggered upon killing the UF/Beat process.
@killacups 1 year ago
Sorry, my answer was a bit more generalized. This completely depends on the environment.
@dennisTHEmenac3 1 year ago
Once Elastic drops their update with their own native agents, Wazuh will be useless. I’ve only ever used Endgame for host agent (enterprise deployment) and if you’re somehow able to kill the Endgame agent, it absolutely triggers an alert. Still can’t believe Wazuh or Beats doesn’t trigger on disable. That’s a huge open source gap if true
@VidarPT 2 months ago
Does anyone know where I can get access to the rest of the series? There are 3 videos related to Wazuh on this channel, but in the description there's a link for a part 2 in all of them. Problem is the link doesn't work and the uploader seems to be gone... Thanks.
@StevieRayLou 9 months ago
Can Wazuh 4.5.2 be installed on Debian 12? Can you make a flatpak, please?
@techclubhouse6772 2 years ago
I think I am first to watch this
@valeriomenghini6219 2 years ago
That's what we all say
@AbdulWahid-ig6ep 2 years ago
No setup video?
@tshakh9345 1 year ago
Does someone know how to change the IP address of Wazuh after installation?
@sodarakaing1997 2 years ago
Does Wazuh support app logs?
@felixbecker5591 2 years ago
No but Filebeat does
@Born_rebel1992 1 year ago
Yes, it supports integration of app logs.
@goodboy-mn2qp 2 months ago
great information ❤️❤️🤍
@cagoaustine7194 8 months ago
Please sir, can you make us a video on Pegasus?
@bibeksubedi9245 2 years ago
Nice. First of all, make an Elasticsearch video. There is a video lacking because you jump directly to Wazuh.
@PetritK10 2 years ago
What's the difference between Wazuh and Splunk?
@felixbecker5591 2 years ago
They are different products for logging. If you look into the price lists, you will see the difference 😂
@Born_rebel1992 1 year ago
By using Wazuh you will reduce the size of the logs you are sending to Splunk. You can use Wazuh as a filter for sending important logs to Splunk.
@ramsaidupati1781 2 years ago
👋👍
@georgesherpa 2 years ago
Isn't Wazuh EDR/XDR? Is it just a SIEM?
@felixbecker5591 2 years ago
It’s EDR/XDR yes. But in combination with ELK it could be used as a SIEM. But I think there are still a lot of missing functionalities
@chandraprakashntc 2 years ago
Need Hive and S3 bucket integration videos too
@Born_rebel1992 1 year ago
There is a video on YouTube for S3 bucket integration with Wazuh
@dr.thulaganyorabogadi8596 4 months ago
Monitoring non-Wazuh devices
@romeomungiu2932 2 years ago
A lot is still missing, the engine at the base is still OSSEC with a “signature based type of rules”. Too many correlation capabilities are missing to call it a SIEM. Of course… better than nothing, but still, calling it a SIEM is misleading
@javimed9669 1 year ago
Hi. Wazuh provides threat prevention, detection, and response capabilities and helps with regulatory compliance. It collects logs from disparate sources and analyzes security events in near real time. It also considers historical and contextual data, allowing incident management. It has useful dashboards and reporting capabilities. Wazuh is indeed a complete SIEM + XDR platform. Perhaps you would like to discuss particular features you don't find in the product? What are the missing correlation capabilities? Thank you.
@imveryhungry112 5 months ago
I create SIEM, put Wazuh out of business :)