What a great video Taylor, thank you so much for this

Thank you Taylor! really appreciated your time and effort.

Best combination of best open source tools. Thanks for sharing 👍

Taylor, awesome stuff, amazing content that actually works if you follow. Big fan of Opensource.

hey taylor your videos are amazing.....thanks for sharing your knowledge 🚀🚀🚀

You did spend a good piece of time explaining everything. Nice

Great !! Many thanks, I'll start to follow your vids and install all services needed. Merci !!

Thanks, buddy. Love your videos.

Thank you so much. it helps a lot.

Great video my friend

One of the best Open Source video setup! Thanks for the video! What server are you running? VM in your local machine?

Thank you Taylor for the video it was great as usual been watching wazuh videos from your channel and it helped me i have question bro I’m small company which can’t avoid market EDRs which one you would recommend elastic edr or wazuh?

very helpful

I first want to say thank you for providing this content. I've watched the entire "World's Best Free SIEM Stack" series and it's been a huge help getting me started with more advanced collecting and analyzing of my logs. But before I go down the path you've provided, I'm wondering what a scaled back approach might look like. I'm working within a school district and my environment is fairly small. I have around 30 network devices, one firewall, VMWare with 3 hosts and15 VM's (Windows and Linux) and another 5 standalones on prem Windows servers. Then there is about 150 Windows and Mac devices. So, I guess I'm wondering if I can just take pieces of this and have a good enough working "SIEM" to help me detect, isolate, respond and clean up any type of security event that may occur? Or do I just install the full Wazuh Security Platform and that'll be good enough? Any thoughts or comments would be appreciated.

Very nice video.. Could I run these as vm's on one host? If so how much ram would i need? Not for large production just home lab

Running into an annoying issue where graylog cannot verify hostname. Getting this error: Unable to retrieve version from Elasticsearch node: Hostname not verified. Any pointers?

Hello, Can anyone tell me is there any API to get stored alerts from wazuh indexer automatically?

Great tutorial, love this series

Hope you are watching these notes... That was a speed session - and I have question.. I notice that when setting up these apps, it all defaults to the main drive your /usr profile is located. For the Indexer, I want to store all the data captured on to a second drive I have mounted. /dev/sdb (labeled: Data). In the opensearch.yml the two lines you skipped over, path.data and path.logs, are these the areas to change to force to that second drive? Would I change the /var/lib/wazuh-indexer to /dev/sdb/wazuh-indexer/data and /dev/sdb/wazuh-indexer/logs ?? Would that work? Since my main drive is small.. just looking at how to redirect data to the second drive. when looking at properties i think it is /media/ubuntu/Data Parent Folder...

Taylor, no money in pocket? What environment do you need?

So if we already have Elasticsearch, do we need to drop it and use W.Indexer instead?

get confused why elasticsearch and not Opensearch. am i lost?

Hi Guys, I am looking to use this SIEM stack as a Capstone project. Is it expensive to launch? It doesnt need to be used for production....TIA

Hey Taylor, I have followed the steps as described in the video and medium post, but am encountering a problem in the last step. When I try to access my dashboard webpage, I am greeted with a message saying "Wazuh dashboard server is not ready yet". I have tried looking through blogs but the only solution I seem to reach is to run the systemctl restart wazuh-dashboard. It would be a great deal if you get help me out here. Thank you again for the video.

Hi Brother, I am facing below issue in graylog, i followed the same steps as you did in the videos. graylog searc tab - While retrieving data for this widget, the following error(s) occurred: Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section]. please help me out, from last 1 week i am triying.

please can someone help me, i get the error when i want to start the wazuh this error: controll process exited with error code, see system-ctl status wazuh-indexer service

Followed your guide and the official docs, however, I'm getting the following error message when installing the Indexer: "Unable to locate package wazuh-indexer". I'm running Ubuntu 22.04.3...Everything's been working great until this installation. Not sure what is wrong with my installation.

getting this error : Wazuh dashboard server is not ready yet indexer active and the dashbord is active :( any help plz

Getting this error INFO: No current API selected INFO: Getting API hosts... INFO: API hosts found: 1 INFO: Checking API host id [default]... INFO: Could not connect to API id [default]: 3099 - ERROR3099 - Invalid credentials INFO: Removed [navigate] cookie ERROR: No API available to connect

after following each steps carefully, i got wazuh-indexer and wazuh-dashboard running on systemctl, but when i hit the ip address, it says wazuh dashboard server is not ready yet. any solutions?

Hey Taylor I got a error while doing gpg key part .. gpg: keyblock resource '/usr/share/keyrings/wazuh.gpg': Permission denied Thanks in advance :)