Comments
@syedrahman7352 5 hours ago
Really well explained. Awesome brother.
@jg1000c 6 hours ago
Got this to work but had to modify the path to the playbook imports and also main had agent version at 5.0, updated to 4.8.0 and it worked.
@jaybhanushali4805 8 hours ago
Hey man, I got the opencti with the alienvault connector working, thank you very much for that - but I am unable to get any feed into my opencti platform. I want to retrieve not just the new pulses but also some old ones; my alienvault connector shows nil operations and nil in progress. Thank you in advance
@adhypurnomo5926 19 hours ago
Good Day Friends, I have a question: is this wazuh server compatible with graylog server? Which version should I try to install, and which settings / tutorial to use if I try to start SIEM? Thank you
@jacarts2793 23 hours ago
Where did the Home Page and Modules go? I have 2 installs of 4.8 Amzn Linux OVA installed on different VMWare boxes. One has the small House Icon and full Wazuh with a blue dot. It has homepage and access to the modules. The other only has the letter W with blue dot and no access to home page or modules. Both were installed as the Thick version. Where is module access now?
@jacarts2793 6 hours ago
Server Management>Settings, mostly.
@ThrillerLicinus 1 day ago
Which terminal is this? :O Thank you for the video <3
@cyb3rmeerk4t51 1 day ago
Please make an update video integrating this new version with copilot. I am having issues on the integration because of the different setting. Thanks again, you are an inspiration.
@cyb3rmeerk4t51 2 days ago
Please help, I am having a "Temporary failure in name resolution" error in my copilot when connecting. Also, are we able to generate a report from DFIR-IRIS data? Like count of closed cases for the month, or count of open cases, alerts, etc.
@cyb3rmeerk4t51 2 days ago
Hi, I started to create my homelab environment using your SIEM playlist. I have learned a lot and your content is really helpful. I just started to configure copilot in my environment. Works super great with dfir-iris. Thank you for this. Can you also please do an update with Wazuh 4.8.0? It has different settings under the user config and I am having an error whenever I try to connect them
@vaibhavjain1in 2 days ago
Hi, I have used OpenSearch in our AWS environment; however, I am unable to do log rollover to warm and cold for cost savings, while our OpenSearch keeps breaking due to running out of space in hot storage. I have applied ISM to indices but it fails. I am using a lambda function to load logs. Is there anything I should do in our lambda function to make it work? Also I am considering moving away from OpenSearch to Wazuh, what's your feedback on that? Thank you.
@ibrahimsalah1436 3 days ago
Thanks a lot, can you show how to enable integrity monitoring on Server and agent Debian?
@ueukxvj 3 days ago
Thanks a lot
@imamhid6695 4 days ago
How about an upgrade of wazuh docker version 4.6.0 to 4.8.0? I hope you'll make a tutorial on it.
@memosalah83 4 days ago
Already installed 4.8.0-1 server and agents! You are awesome keep up the good work
@harumin1192 4 days ago
Help me, I had problems when installing Worldmap Panel. I am using grafana v11. In the grafana plugin the worldmap panel option didn't appear, and finally I installed it using the CLI. I have followed these steps, but when searching the worldmap panel I couldn't find it. Is there a problem with the grafana version?
@Claudia-x5y 5 days ago
I was able to create a connection to the indexer (had to change the IP from 127.0.0.1 to 0.0.0.0 in the indexer config) but I'm unable to for the Manager.... (wazuh 4.8) (Quick install)
@produktionzn22 6 days ago
Please please please provide recommended system requirements for the full stack…. Please! 😊
@AliciaFernandez-zy2pn 6 days ago
What is the system requirement for Copilot (Min and Max)?
@AliciaFernandez-zy2pn 6 days ago
Taylor Walton, May I suggest you do a new video for Wazuh 4.8
@henrique8368 8 days ago
After some days trying to use this sandbox I found your tutorial, it solved my problems and is working great! Thanks a lot.
@ankuryogi3298 8 days ago
Awesome
@ankuryogi3298 8 days ago
Awesome
@ankuryogi3298 8 days ago
Love it, please keep going
@AkramZran 9 days ago
Hi Taylor, wazuh won't run anymore
@jag831 11 days ago
Hey Taylor, I'm not against SS (I actually like it a lot), but have you considered Prowler? I once tried to update the prowler wazuh wodle and it "kind of" worked but it didn't get anywhere. However, its JSON output is pretty easy to work with
@kellyheflin5931 11 days ago
How many VPS machines, and server specifications (vcpu, ram, ssd) are needed for a small network infrastructure? Thank you.
@jbinario 12 days ago
Why is the socfortress site not available to my country?
@zakecysec 13 days ago
Already followed this tutorial but I'm stuck while opening it in the browser with port 8080
@leonelsalah8950 13 days ago
Hi, tks for your clip, but u should zoom in your terminal, sometimes it's difficult to view
@decenthackers 14 days ago
Hi Taylor, wonderful job in creating this tool. I was wondering if this can integrate with the cloud version of Wazuh; if yes, do we need to follow the same steps as you explained in your other video? Also would you be able to do a video on integrating malwarebytes cloud EDR with co pilot?
@ShantaNaha-yq4tb 14 days ago
When I am going to export a case from hive to misp it shows an error. Can you please give me a solution? I tried so many times to solve it but I couldn't fix that.
@carlitoang9509 15 days ago
can't use Greynoise free anymore :( Graylog asking for the subscription one
@surathwalpita 18 days ago
While retrieving data for this widget, the following error(s) occurred: Elasticsearch exception [type=illegal_argument_exception, reason=key [types] is not supported in the metadata section]. Why am I having this error?
@Carbon367 4 days ago
Have the same problem sadly. Did you find a fix?
@cyrilokonkwo3323 19 days ago
For some reason, I've been unable to actually start using MISP after deployment, because the documentation and training I've seen so far is just not usable for beginners. Is there any other training that can be leveraged?
@indranilkamulkar1199 19 days ago
This product is discontinued, I could not find the download link or any other way to download it
@kamilinformatyka4458 19 days ago
No Mitre results were found in the selected time range. :(
@kamilinformatyka4458 19 days ago
Hi guys, I have "There are no results for selected time range. Try another one." - MITRE, Compliance. How can I fix it? I installed everything from the tutorial the SOCFortress Way
@cesars.3210 19 days ago
Hello, did you do a video about shuffle automation with IRIS?
@suryasuresh9615 20 days ago
Will it take more than an hour to copy a website?
@danielnsumba8455 20 days ago
I have imported the root-ca.pem into graylog but I still get 2024-06-05T22:29:19.666+02:00 INFO [VersionProbe] OpenSearch/Elasticsearch is not available. 2024-06-05T22:29:24.683+02:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: unexpected end of stream on ingest.soc.local:9200/... - not found: limit=0 content=…: not sure what I can do. I have followed the video to the core, I have repeated the install and config a couple of times but I do not know what I am doing wrong
@clementshodeindechieadewun7820 22 days ago
Please, can you make a video for incident response in shuffle through cortex responder? Maybe, as the completion of this particular automation. Thank you.
@hdrc10 22 days ago
Hi Taylor, I tried installing the copilot but the backend application is not coming up, keeps failing with the following error message: sqlalchemy.exc.OperationalError: (pymysql.err.OperationalError) (1045, "Access denied for user 'root'@'172.23.0.4' (using password: YES)")
@AliciaFernandez-zy2pn 22 days ago
Hello Walton, do you mind doing a video on Wazuh Integration with DFIR Iris? I believe a lot of people will love to see that.... Thank You
@itstory3921 12 days ago
@NunoThyrs 22 days ago
Great job!! There is one thing, I cannot login with the password prompted at the end of the installation. How can I reset that password?
@mmff1787 22 days ago
kzfaq.info/get/bejne/gNJimpCQ1rC1l4E.html
@turkimohamedmalek 22 days ago
kzfaq.info/get/bejne/gNJimpCQ1rC1l4E.html this is a soc build with open source tools and many other things for security
@elroypienaar1605 23 days ago
Hi Taylor. How do I add my customer's endpoints to opencti?
@YanMarques-Eny 26 days ago
Congrats for all your work Taylor! I'm having a problem [Failed to send POST request to /api/system/indices/index_sets with error: Index prefix "wazuh-testes" would conflict with existing index set prefix "wazuh-teste"] when trying to create the provision. Could you help me? I thought of deleting the existing index set, but can't find it
@NunoThyrs 21 days ago
Hi, same result here!!
@ProySecRedes 27 days ago
Awesome dude!!! I appreciate the knowledge :) I'll follow the series and implement it fully!
@benzegamer1602 27 days ago
. - unable to find valid certification path to requested target. 2024-05-30T00:33:37.262-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #344 2024-05-30T00:33:42.278-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target. 2024-05-30T00:33:42.279-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #345 2024-05-30T00:33:47.301-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target. 2024-05-30T00:33:47.301-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #346 2024-05-30T00:33:52.330-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target. 2024-05-30T00:33:52.330-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #347 2024-05-30T00:33:57.353-04:00 ERROR [VersionProbe] Unable to retrieve version from Elasticsearch node: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. - unable to find valid certification path to requested target. 2024-05-30T00:33:57.354-04:00 INFO [VersionProbe] Elasticsearch is not available. Retry #348