Threat Detection & Active Response With Wazuh

97,218 views

HackerSploit

2 years ago

In this video, I cover the process of detecting and defending against threats and attacks with Wazuh. In the context of blue team operations, Wazuh is a SIEM (Security Information and Event Management) system that is used to collect, aggregate, index, and analyze security-related data, consequently allowing you to detect intrusions, attacks, vulnerabilities, and malicious activity.
You can register for part 2 of this series for free here: bit.ly/3yJqT3c
//LINKS
Wazuh: wazuh.com/
Wazuh Documentation: documentation.wazuh.com/curre...
Video Slides: bit.ly/38F2t0m
Register For Part 2 Of This Series: bit.ly/3yJqT3c
Get 100$ In Free Linode Credit: bit.ly/39mrvRM
//PLATFORMS
BLOG ►► bit.ly/3qjvSjK
FORUM ►► bit.ly/39r2kcY
ACADEMY ►► bit.ly/39CuORr
//SOCIAL NETWORKS
TWITTER ►► bit.ly/3sNKXfq
DISCORD ►► bit.ly/3hkIDsK
INSTAGRAM ►► bit.ly/3sP1Syh
LINKEDIN ►► bit.ly/360qwlN
PATREON ►► bit.ly/365iDLK
MERCHANDISE ►► bit.ly/3c2jDEn
//BOOKS
Privilege Escalation Techniques ►► amzn.to/3ylCl33
Docker Security Essentials (FREE) ►► bit.ly/3pDcFuA
//SUPPORT THE CHANNEL
NordVPN Affiliate Link (73% Off) ►► bit.ly/3DEPbu5
Get $100 In Free Linode Credit ►► bit.ly/39mrvRM
Get started with Intigriti: go.intigriti.com/hackersploit
//CYBERTALK PODCAST
Spotify ►► spoti.fi/3lP65jv
Apple Podcasts ►► apple.co/3GsIPQo
//WE VALUE YOUR FEEDBACK
We hope you enjoyed the video and found value in the content. We value your feedback, If you have any questions or suggestions feel free to post them in the comments section or contact us directly via our social platforms.
//THANK YOU!
Thanks for watching!
-----------------------------------------------------------------------------------
#Cybersecurity #BlueTeam

Comments: 50
@robertungureanu4660 1 year ago
Came across your videos a month ago and won't stop until I see ALL of them. But what really cranked me up here was hearing how PUMPED up you were when you saw it's a real(-time) attack. Gold. :) Thanks for the awesome videos. PLEASE keep doing them.
@ghsinfosec 2 years ago
Fantastic series! It's awesome that your Ubuntu instance was actively being attacked while you were making this video. That really demonstrates the value of a SIEM and also highlights the fact that attackers are always trying something. Thanks for the videos!
@cheebadigga4092 2 years ago
This channel is a goldmine! Thank you for all your time and effort!!
@chaitanyakhairnar6352 2 years ago
Thank you for creating this awesome content. Glad to see those real-time attack surface and mitigation techniques. You are doing a great job, Alexis ❤🙌
@guerzizeb 1 year ago
Thank you very much, very interesting content, especially with that unexpected brute force attack. A real case.
@frankyz 1 year ago
Great video! I did not realize Wazuh can be configured with an action to add an active response rule. Thank you for the content! I learned a lot.
@SxMT 9 months ago
Great video. Loved the demo with adding some active defense.
@Lsecqt 2 years ago
Really informative, thank you!
@ShortsGFX 1 year ago
It is a very knowledgeable video for those who are Wazuh SIEM administrators. Thanks HS
@cyberSec00xf 2 years ago
One of the best InfoSec experts.. 🙏
@mrkmdz 1 year ago
I think this is one of your better how-to videos. The real attack and watching how you used Wazuh to gather details and invoke a basic defense definitely added to what otherwise would have been a rather boring walk-through of the installation and capabilities.
@naseebullah4957 2 years ago
Hello, thanks for the detailed video on Wazuh! Could you please cover the correlation part also?
@abedzaben 1 year ago
Thanks for the great video. Is there an option to add some kind of logic to the active responses? For example, block the IP address only after 5 or 10 failed attempts?
@PrabhatKumar-tk8oy 2 years ago
Hey bro, all your videos are very informative... Can you please make a video on the Darknet chip (how it is used)?
@mfernandes8945 8 months ago
This video has been so useful! The one question I have is how to build a set of rules that can be built into the solution **before** moving a server into production. To me, that would seem to be better than trying to deal with problems as they happen.
@Kk-rr2sb 2 years ago
Bro, is there any chance to watch your videos with the application's dark theme enabled, or if this is not an option, to use the "Dark Reader" browser add-on? It would be great if this is possible.
@penetrationtester 1 year ago
Thank you!
@lawhousekolkata 9 days ago
Nice video... Can you make another video on how to create rules and dashboards, and how to get logs from L3 routers?
@drmikeyg 1 year ago
I noticed when you deployed the Linux server on Linode, you did not set up ufw or fail2ban on the Linux server. If ufw and f2b are set up, will that affect Wazuh performance?
@tamalnaskar4080 2 years ago
Thank you for this kind of knowledge video, we want more about it please sir..... and your voice is more magical
@QuantumNaut 1 year ago
Nice walkthrough. I am learning Security Onion in school and noticed Wazuh is part of it.
@nbctcp3450 1 year ago
Between them, which one is better and easier?
@QuantumNaut 1 year ago
@@nbctcp3450 Security Onion is pretty easy to use, so I would say that one, but probably because I've used it more than the Wazuh shown in the video.
@nbctcp3450 1 year ago
@@QuantumNaut I tried Security Onion last night. The problems were: 1. I can't pull it as a Docker image. 2. The ISO size is big, 8 GB, and 6 GB of it is the Docker repository. I can't find how to install SO in Docker. If you have one, please let me know.
@christojojo6590 9 months ago
When we set the rule to prevent the brute force attack, is that rule for all the traffic from the external network?
@luiscarbajal5287 1 year ago
Hello, question: at min 24:29, the "Check Wazuh API connection" error, how did you fix it?
@ChapalPuteh_ 9 months ago
Great! Very fruitful … 🤓
@faizfredo8296 2 years ago
How can we integrate TheHive with Wazuh? Please make a video.
@happyked 2 years ago
Are there any ways of getting the active response to block IPs in a firewall appliance instead of the host firewall?
@andrewhughes459 1 year ago
Yes, you can actually write your own scripts that execute as the active response to an alert. The location XML tag that he used specifies if the response is run on the agent machine or the Wazuh server, so you can specify where to run the script in response.
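As an added illustration of the per-agent active response described in that reply, and of the thresholded blocking asked about earlier in the thread (example configuration written for this page, not a snippet from the video, the commenters, or the Wazuh project): a local rule that fires only after 10 failed SSH logins from one source IP within 2 minutes, and an active response that runs Wazuh's bundled firewall-drop script on the agent that raised the alert. The custom rule id 100010 and the parent rule id 5760 (assumed here to be the built-in sshd "authentication failed" rule) are assumptions; verify both against your ruleset before enabling this.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml on the manager (example, not from the video) -->
<group name="local,sshd,authentication_failures,">
  <!-- Fires only when rule 5760 (assumed: sshd authentication failed) matches
       10 times from the same source IP within 120 seconds; ignore="60"
       suppresses repeat alerts for 60 seconds so one burst yields one block -->
  <rule id="100010" level="10" frequency="10" timeframe="120" ignore="60">
    <if_matched_sid>5760</if_matched_sid>
    <same_source_ip />
    <description>sshd: 10 failed logins from the same IP in 2 minutes (custom threshold)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>

<!-- /var/ossec/etc/ossec.conf on the manager (example, not from the video) -->
<ossec_config>
  <!-- Name the script; firewall-drop ships in /var/ossec/active-response/bin
       on each agent and adds an iptables DROP for the alert's srcip -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- location=local: run on the agent that produced the alert, so the block
       lands on the host that is actually being brute-forced; use "server"
       to run the script on the manager instead -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>100010</rules_id>
    <!-- seconds; after this the script is re-run to remove the drop rule -->
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Because the threshold lives in the rule and not in the response, the same firewall-drop command can be reused for other custom rules with different counts or timeframes.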
@noname54 1 year ago
How can you install the Wazuh agent on the Wazuh server? I would like to monitor the actual server for attacks since it's public facing. Thanks for the videos, please create more with live attacks.
@leninagoras 5 months ago
Wazuh-manager monitors itself.
@arnabkoley8864 1 year ago
Very informative video on Wazuh Active Response
@aessi2746 1 year ago
I can't run Wazuh on Windows 7 for some reason. I have tried different versions but it still doesn't work. Any guides..
@javimed9669 1 year ago
Hi. Once you've installed the central components on your Linux server, you can install a Wazuh agent on your Windows 7 endpoint following the "Installing Wazuh agents on Windows systems" guide on the Wazuh documentation site. Join the Wazuh community to get full answers.
@ianagung6886 1 year ago
There is Bandung on the geoLoc, wow
@farhamandkhan 2 years ago
Does it help in stopping a DoS attack on port 443?
@javimed9669 1 year ago
Wazuh has built-in rules to correlate multiple authentication failure events and identify brute force and DDoS attacks. But you can also create your own rules to detect specific attacks. The Wazuh active response capability acts on detection of an attack and can block the attacker's IP. Also, if you have a tool to detect DDoS attacks, you can make Wazuh read its logs and trigger alerts and an active response. Join the Wazuh community to get further answers.
@farhamandkhan 1 year ago
@@javimed9669 Thanks👍
@M_IZAN 2 years ago
What is your operating system name? 💜💜
@fsdaaffa 1 year ago
I'm from Kenya and I really don't think the attacker was from Kenya 😂 Great series
@toddeHB_GW 11 months ago
Please.... Never SSH as root. Basic rule 🙏
@manishhr4450 2 years ago
Please continue with web app penetration
@minimalny30 1 year ago
Katarzyna means "Kate" in Polish 😅
@abofan29 2 years ago
First
@user-wk8fi5ut5l 8 months ago
Ubuntu is not operative. Alpine Linux is mine.
@devurien 2 years ago
Katarzyna - Polish female name ;-).
@HackerSploit 2 years ago
Thank you for letting me know. Unfortunately I butchered the pronunciation.
@devurien 2 years ago
@@HackerSploit Everything was perfect, like you and your channel. I saw many Polish names and surnames in your video. But the attacker IPs were from China. This is interesting regardless of what is happening in Ukraine, and how Poles help refugees from Ukraine. It may be naive, but it is interesting.
@shokuinstaff7666 1 year ago
There's Indonesia, dude