FREE SIEM Stack in Seconds! - Deploy a Wazuh SIEM Within Seconds with Docker! 

Amazing! Thanks for the video.

Hello, first of all thank you very much, your videos have helped me a lot for my university laboratories, I wanted to ask a question about Wazuh, how can I add an agent to an Esxi server? I have had a hard time finding reliable and working information Thank you very much in advance and you have a new subscriber

Thanks for awsome video bro

Great video! Super Informative! But I had a quick question. I know that you were very detailed and informative but I'm fairly new to SIEMs and Wazuh in general. Aside from the points you made about elastic search storing the logs, and kibana being able to query the logs stored, are there really any other major differences? For example, would wazuh work on its own without elastic search and kibana (would I be able to see alerts in real time and the details)? I managed to install the wazuh manager and add an agent but didn't notice any major difference (within the interface). Perhaps it's because I'm new to wazuh, but I asked because I was using wazuh for a home lab that I'm currently setting up. Thanks in advance

Great vid as usual. What are the minimal specs expected to run your "build" ?

thank you so much from thai

Great tutorial, one one suggestion the ubutu command screen should be little bit visible .

Hi Taylor, I appreciated your videos. But, I have a question that can we remove the user that on the describe line said "Demo" or not?

Yes!! you are awesome dude,, 2 questions, How do you interact with individual containers? and when making configuration changes to the wazuh-master, do i have to log into that container ?

Where are the file under /ossec/bin be stored, that is the config file of the wazuh manager ? Because I checked /var/ossec doesn;t exist when we follow docker type of installation.

Thanks for awsome video, but i have an error about opendistro_security plugin. Error Messages like ["kibana_1 | Unable to remove plugin because of error: "Plugin [opendistro_security] is not installed"]. For your information, I am using latest version for kibana.

Looks like things have changed a bit with 4.3.8. Also compose is included as a plugin, no longer need to download and install that. So 'docker compose ...' instead of 'docker-compose ...'

So I am totally new to the implementation of using containers in proxmox as well as docker. Can you help me better understand if I should be installing docker on separate container or vm or would it be more proper to have a dedicated docker server for this and any other projects I do. For instance I did an uptime kuma install not long ago. Should one docker install be utilized for both projects or continue creating separate proxmox containers with an instance for their own category of use?

Can you help me with this question. If we are running the VMS on linux but I want to secure my windows. How does that work? I never really understood how company's secure there network running so many difference OS's im still new to the field and im trying to get a good understanding ! Please and thank you!

Thanks for the video! is very interesting, i have a question: can i install this in the same server where i have a MISP working?

I followed and installed everything in this video first. Now I'm currently doing the same for videos part 1-5, Wazuh Indexer, GrayLog, Wazuh Manger, Wazuh Agent and pt5 Security Log Routing... I'm sooo confused. Help?

Great video! I noticed the Wazuh API password was a default password as well. Would you just change that directly in the production-cluster.yml file or is there anywhere else that would need the API password changed to a custom one? Thanks!

Taylor, would this setup work on a Synology DS220+ 2-Bay NAS ?

I want to set this up and work with this and VT

"Kibana server is not ready yet" how did you fix it please

How to handle kibana server not ready yet?

Is there some sort of mind logging going on? I think of something I'd like to do with Wazuh and next thing I know you make a video about it

Hello, thanks for great video. I've installed all components, installation has been finished successfully. I installed on Ubuntu 20.04. But when I access to the Kibana's web insterface, "Kibana server is not ready yet" error appears. Could you help me to resolve the problem?

When the new version get released, how do you upgrade your container?

Great video! I don't have any error while installing, but the 502 bad gateway appears on my browser. Any idea?

I'm using the exact same config as you, followed it to the letter and it just flat out doesn't work. Just consistent XML errors from the wazuh agents.

Which SSH client are you using?

How long does it take for the kibana server to load? trying to login to my Wazuh server and it is saying that the "Kibana server is not ready yet"

How do i start the SIEM docker again after I restart my virtual box where the stack is deployed??

can some one please help me I keep getting Kibana server is not ready yet

Does this work with a raspberry pi?

oof, I can't get the nginx container to start - anyone had this problem?

Dude u totally clowned it, if u follow ur steps we get the same error at 17:58.... and then u cut to when uit actually works....

Awesome video but your microphone quality is terrible and has a lot of distortion on the treble. A good microphone setup from elgato would fix that right up as currently sounds like you are using a cheap headset

I watch all your videos. This is cool. There are several questions about this lesson. With SIEM in docker: - by edit Cluster configuration not saved after docker-compose down and up; - not work with configured to receive log events through syslog even with syslog 514 tcp xxx.xxx.x.x/24 How to make it work?

EDIT! I fixed it! Within the compose.yaml there's a memlock and soft -1 hard -1 and after that the ulimit 65k is there as needed. Docker users will have to remove the memlock and the duplicate soft/hard and the container will boot! Hoping you can give some assistance. Doing a fresh install of 4.4.5 in docker in a proxmox VM. After installing the Wazuh docker following the latest instructions, I receive this error Attaching to single-node-wazuh.dashboard-1, single-node-wazuh.indexer-1, single-node-wazuh.manager-1 Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error setting rlimits for ready process: error setting rlimit type 8: operation not permitted: unknown I can get the container running if I set a Ulimit as so docker run --name single-node-wazuh.indexer-2 --ulimit nofile=20000:40000 -d wazuh/wazuh-indexer:4.4.5 The issue is now that container is located in another stack that's called build-docker-images instead of "single-node" Do you have any ideas on how to fix it? If you install the latest version of docker wazuh through git-singlenode I'm sure you'll find the same issue.