Today we had a blast playing with Wazuh as a SIEM you can use for work and/or home. Inspiration for this episode came from Network Chuck.
This one-liner will literally get Wazuh installed in about 5 minutes:
curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

(The -a flag is the all-in-one install: indexer, manager and dashboard on a single host.)

P.S. if you accidentally close your command window before writing down the admin password (like I did), you can use this command to retrieve it:
sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

That tarball holds every password and certificate the installer generated, so leave it where only root can read it and treat the admin password like any other root-equivalent credential.

Once Wazuh is installed, I recommend going to Management > Configuration > Edit Configuration, looking for the section that starts with and changing no to yes.
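If you would rather not eyeball the whole passwords file every time, the script below shows the retrieval step done a little more carefully. It is an added example, not code from the original post or from Wazuh: it builds a throw-away wazuh-install-files.tar with a constructed wazuh-passwords.txt (the layout is modeled on the installer's file, the passwords are made up), then reads one credential straight out of the tar with -O so the plaintext never lands in a second file.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post or from Wazuh: rebuild a
# throw-away wazuh-install-files.tar containing a CONSTRUCTED
# wazuh-passwords.txt (made-up passwords, layout modeled on the installer's
# file), then pull one credential out of it the way the post does, streaming
# from the tar with -O so the plaintext is never written to another file.
set -euo pipefail

WORKDIR="$(mktemp -d)"
TARBALL="$WORKDIR/wazuh-install-files.tar"

# Build the stand-in tarball using the same member path as the real installer.
make_fixture() {
    mkdir -p "$WORKDIR/wazuh-install-files"
    cat > "$WORKDIR/wazuh-install-files/wazuh-passwords.txt" <<'EOF'
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
  indexer_username: 'admin'
  indexer_password: 'Example+Admin+Pass+123'

# Wazuh dashboard user for establishing the connection between Wazuh dashboard and Wazuh indexer
  indexer_username: 'kibanaserver'
  indexer_password: 'Example+Kibana+Pass+456'

# Wazuh API admin user. Use this user to log in to Wazuh dashboard
  api_username: 'wazuh'
  api_password: 'Example+Api+Pass+789'
EOF
    tar -C "$WORKDIR" -cf "$TARBALL" wazuh-install-files/wazuh-passwords.txt
}

# Print the password recorded for one username. Each block in the file is a
# "<x>_username: 'name'" line immediately followed by "<x>_password: 'secret'",
# so take the username line plus the one after it and keep the quoted value.
# Prints nothing and returns 1 when the user is not in the file.
# Usage: password_for <tarball> <username>
password_for() {
    local tarball="$1" user="$2" pw
    pw="$(tar -O -xf "$tarball" wazuh-install-files/wazuh-passwords.txt \
          | grep -A1 -- "_username: '$user'" \
          | grep -- '_password:' \
          | cut -d"'" -f2 || true)"
    if [ -z "$pw" ]; then
        echo "no credentials recorded for '$user'" >&2
        return 1
    fi
    printf '%s\n' "$pw"
}

make_fixture
# Only the dashboard admin password, which is the one you need to get back into
# the UI. On a real host the tarball sits in the directory where you ran
# wazuh-install.sh and needs sudo to read.
echo "dashboard admin password: $(password_for "$TARBALL" admin)"
```

On the real box, point password_for at ./wazuh-install-files.tar (with sudo) instead of building the fixture; the username argument is admin for the dashboard login and wazuh for the API user.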
Also, before you start deploying agents, I recommend making some groups for them, which I believe has to be done at the command line:
/var/ossec/bin/agent_groups -a -g windows-boxes -q
/var/ossec/bin/agent_groups -a -g linux -q

(-a adds a group, -g names it, and -q skips the confirmation prompt.)

From there you should be ready to start rockin' some agent installs. Have fun!