Clustering and Load Balancing Wazuh Managers - Let's Deploy a Host Intrusion Detection System #8

Подписаться 18 тыс.

Просмотров 6 тыс.

50% 1

Join me as we configure Wazuh clustering and load balancing to allow for redundancy and growth. Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us

Наука

Опубликовано:

30 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 18

@user-hy5dp8vl2q 2 года назад

Thank you for tutorial

@taylorwalton_socfortress 2 года назад

You're welcome 😊

@SecInFunny Год назад

Hi there, great series. In this video you mentioned the clustering for filebeat and the indexers, can I ask where is it? I looked all your video but do not see it. Thanks alot

@QonCalculations Год назад

Hey Taylor. Sorry for the late question. I could see the load balancer is switching the connection, but will the dashboard work when the master node is switched off?. I was trying the clister installation and it says API not available when the master server node is powered off.

@aaronputra5578 2 года назад

Hi man! Very appreciate your works on this video. Just wondering, is there any way to make the Master nodes HA? I saw no HA on the nodes except the Workers. Cheers mate!

@taylorwalton_socfortress 2 года назад

Hey Aaron, clustering of the masters could be done with keepalived: www.redhat.com/sysadmin/keepalived-basics This allows you to create a virtual IP that both master nodes share, if one node goes down. the other node gets assigned the virtual IP. Great tool for HA!

@PC_solver Год назад

@@taylorwalton_socfortress please try to make a video on HA of wazuh and elasticsearch.

@akshanshshrivastava3761 2 года назад

can this be automated if its done using kubernetes setup?

@hackyourfuture Год назад

Hi Taylor, what´s up!? I have a question.... What´s the best scenario when you plan to start with 1000 Windows Server agents and scale up to 10000 servers? What would be the ideal number of master nodes and workers and its resources (vCPU, Storage, Memory). Thank you, your videos are amazing.

@taylorwalton_socfortress Год назад

Hey Ricardo, I'd recommend starting with a 2 node cluster (one master and one worker). 6 Cores, 6GB mem, and 150GB disk should be a good starting point. Make sure you rotate the alerts.json logs (/var/ossec/logs/alerts/2022/*) frequently or you risk running out of room on disk which impacts the ability for storing this logs into Elasticsearch. As you start to grow, you can add a new worker node to the cluster with no downtime. If you would like our Professional Services assistance, shoot me an email at taylor.walton@socfortress.co Thanks for watching and happy defending :)

@hackyourfuture Год назад

@@taylorwalton_socfortress thank you so much for the tips and information. You're doing a great job and you've certainly helped the opensource community a lot.

@gabrielguedes197 3 года назад

Are you using all in one installation to deploy this two?

@taylorwalton_socfortress 3 года назад

Hey Gabriel, For creating a cluster of Wazuh Managers you do not need re create the backend infrastructure (Elasticsearch and Kibana). The Wazuh Managers will point to the same Elasticsearch server or cluster of Elasticsearch servers. For example, if I were to stand up a new environment, I would create a Wazuh Manager, Elasticsearch, Kibana, and Filebeat. Now If I want to add another Wazuh Manager to the cluster, I would just create a Wazuh Manager and Filebeat. No need to create a new Elasticsearch and Kibana server, but we need to make sure the Filebeat service on the new Wazuh Manager points to the Elasticsearch server we previously created. Hope that helps but let me know if you have any further questions. Thanks for watching!

@gabrielguedes197 3 года назад

@@taylorwalton_socfortress thank you very much for the answer, I will use this to plan in the future! I'm currently using ansible to deploy a cluster with 2 wazuh nodes (manager and worker), 3 ODFE and a kibana + ODFE. I provisioned this infrastructure with Vagrant, all very quickly. I think this is a good idea for a video! Thank again!!

@taylorwalton_socfortress 3 года назад

@@gabrielguedes197 Hey Gabriel, I appreciate the recommendation and I am glad I could help. I will add your recommendation to the list :) Thanks for watching!