Multi-Tenant Wazuh - Learn How to Deploy a Multi-Tenant Wazuh and OpenSearch Cluster!

  16,262 views

Taylor Walton

2 years ago

Join me as we install and configure OpenSearch and Wazuh for multitenancy. See how we can create roles and policies for our users! Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
GitHub: github.com/OpenSecureCo/Demos...
Discord Channel: / discord
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us

Comments: 29
@jag831 2 years ago
I'm slowly turning to your channel instead of the official documentation. Your videos are always on-point and with a perfect rhythm and pace for the topic at hand!
@abdulsamad-as 2 years ago
Thanks for the best guide
@trev8813 2 years ago
Great video! Do you know if you can add these different labels to ingested AWS or GCP logs as well? So logs coming from one AWS account could be labeled "AWS-A" and logs coming from another AWS account could be labeled "AWS-B"? Thanks!
@makarachhum1641 2 years ago
That's an awesome tutorial video!!!!
@radisociale 8 months ago
Great video. I recently installed the multi-server Wazuh, but since this video was released there have been some changes to the UI and some parameters don't apply anymore (I don't really have anywhere to paste what you did). Any advice?
@PaulEmmanuelAustria 4 months ago
Will this setup be the same as multiple Wazuh servers connected to a single Wazuh manager? As far as I understand, the two agents are ServerA and ServerB.
@paulolima3848 2 years ago
Hi, thanks for the content! It's very useful, especially to MSPs that are starting a SOC-SIEM service. I have a question about the way to label the syslog events as you did with the agents. Is there any way to segregate syslog events from firewalls and switches by client?
@taylorwalton_socfortress 2 years ago
You could use a sequence of rules to separate firewall and switch events per client by using a field name of the agent label. Something like the below may work:
firewall customer1 Customer1 Firewall Alert
firewall customer2 Customer2 Firewall Alert
switch customer1 Customer1 Switch Alert
etc.
Hope this helps and thanks for watching!
@ngenen 1 year ago
@taylorwalton_socfortress Can you make a video about this approach? I don't get how the if_group would work with several devices sending syslog to the Wazuh manager.
@sephirothfemto 10 months ago
I am missing agent.labels in the events. How can I add it?
@bitstop2003 7 months ago
Agree with jag831. Your video is better than the Wazuh documentation. However, I'm stuck somewhere and need help. How do I troubleshoot the "Wazuh API error: ERR_BAD_Request - Permission denied: Resource type: *.*"? The full error detail: You have no permissions. Contact to an administrator: no permissions for [indices:data/read/search] and User [name=venus, backend_roles=[], requestedTenant=]: security_exception: [security_exception] Reason: no permissions for [indices:data/read/search] and User [name=venus, backend_roles=[], requestedTenant=]
@JoeLopezNJ 2 years ago
This is not OpenSearch. This is the predecessor Open Distro that is being retired. Wazuh doesn't yet support OpenSearch since Kibana no longer exists and has been changed/forked to opensearch-dashboard.
@taylorwalton_socfortress 2 years ago
Correct, that was my mistake. Thank you for helping clarify :)
@weslysibagariang843 1 year ago
Hi, thanks for the content. I followed your steps but I got this error: {You have no permissions. Contact to an administrator: no permissions for [indices:data/read/search] and User [name=user1, backend_roles=[], requestedTenant=null]: security_exception}. Can you please help to resolve this?
@fernandolopez204 1 year ago
Could you solve this error?
@UberBaby168 7 months ago
Hi Taylor, I'm using v4.6.0 and also got the same permission error after following your step by step twice! Please advise. Thanks!
@Nafay1991 2 years ago
I followed your video exactly but am getting errors. You might have done something else which is missing from the video.
@taylorwalton_socfortress 2 years ago
Hey there, what were the errors you were facing? Are you still facing them?
@nopromises884 1 year ago
Is it possible to do this in Elasticsearch rather than Open Distro? Thanks.
@taylorwalton_socfortress 1 year ago
Unfortunately no. You'd have to pay for an Elasticsearch license.
@nopromises884 1 year ago
@taylorwalton_socfortress Thanks for your quick response. One further query: if I use Open Distro, can I use my own certificates, and can I use all Beats like Filebeat, Metricbeat, etc.? And can I use TheHive, Cortex and MISP with Open Distro as with Elasticsearch? Thanks.
@tashfeenlatif5496 2 years ago
At time 5.54, where do you get these IPs that you use?
@taylorwalton_socfortress 2 years ago
That is the public IP address of my Wazuh Manager. Thanks for watching :)
@tashfeenlatif5496 2 years ago
@taylorwalton_socfortress I get it now. Thanks for the response.
@erikkirschner8681 1 year ago
Hello, I tried this setup on the Wazuh appliance v4.3.10 and I receive this message after login as a group user: You have no permissions. Contact to an administrator: no permissions for [indices:data/read/search] and User [name=gc1, backend_roles=[], requestedTenant=null]: security_exception @Taylor, can you help me please, or do you have any idea where the problem is? Thank you.
@fernandolopez204 1 year ago
Could you solve this error?
@erikkirschner8681 1 year ago
@fernandolopez204 Yes, in the documentation there are some scripts and steps for this problem...
@fernandolopez204 1 year ago
@erikkirschner8681 Thanks for answering... Could you guide me a bit or give me more information? I'm new to Wazuh and I still can't find the solution to the problem within the documentation.
@bitstop2003 7 months ago
I have the exact problem, I read the documentation, but couldn't find a solution. Can you help?