Wazuh App, User Logins, and File Integrity - Let's Deploy a Host Intrusion Detection System #5 

Taylor Walton

Join me as we configure the Wazuh App plugin and detect security events outputted from our agents. Let's deploy a Host Intrusion Detection System and SIEM with free open source tools. Join me as we explore and learn together.
Check us out: www.opensecure.co/
Interact with our demo: www.opensecure.co/demo
Hire us: www.opensecure.co/contact-us

Published: 4 Feb 2021

Comments: 22
@voiceofboni 2 years ago
Thank you Boss. I learn more and more information. Actually I'm recently working security onion. I really like your videos. I have learned a lot from you. Thanks!
@taylorwalton_socfortress 2 years ago
Thanks for watching! I hope to get to security onion videos soon :)
@rodrigolfrs 2 years ago
I really like your videos. I have learned a lot from you. Thanks!
@taylorwalton_socfortress 2 years ago
Thanks for watching!
@marachedder1652 2 years ago
Thank you for the tutorials
@samuraidenis 2 years ago
Thanks again
@cowbe0x004 11 months ago
@29:41 How do you go about changing the behavior so Wazuh doesn't log all that download progress?
@RaSh_100India 2 years ago
For the file integrity part the alerts are not showing in the Wazuh manager, what could be the reason? I have filebeats installed but not logstash, do I need both?
@redhat3831 2 years ago
Same here, did you solve that already, sir?
@RaSh_100India 2 years ago
@redhat3831 Yes I was able to fix it by using the cmd -
@neithaltair4597 3 years ago
Can you help me please? When I connect with ssh to the agent, the events show "Logon Failure - Unknown user or bad password", and I don't see the "sshd", why? Tks
@taylorwalton_socfortress 3 years ago
Hey Neith, what OS are you logging to capture SSH logs from? Also, what version of the SSH service are you running? Possibly, we need to add a decoder that will better fit your ssh log output.
@neithaltair4597 3 years ago
@taylorwalton_socfortress I have a Wazuh manager in Ubuntu desktop, and I'm trying to catch the login through ssh when I connect to the Windows agent.
@taylorwalton_socfortress 3 years ago
@neithaltair4597 Hey Neith, apologies for the late reply. If the Wazuh Agent is a Windows server then it will most likely be an RDP login attempt and not an SSH login attempt. Try looking for rule id 18107. Hope this helps and thanks for watching!
@pawelsmierciak2559 3 years ago
I have Linux servers updated (Debian) with all patches and Wazuh vulnerability detection shows many CVEs. Maybe you have any idea why?
@taylorwalton_socfortress 3 years ago
Hey Pawel, perhaps the module is not enabled as it should be? Ensure that the agent and the manager are both configured to run the vulnerability scanning. An example is provided here: documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/running_vu_scan.html Hope that helps and let me know if you have any other questions. Thanks for watching!
@pawelsmierciak2559 3 years ago
@taylorwalton_socfortress Will check, thanks! But my problem was - my machines were up2date and Wazuh reported vulnerabilities ;)
@karlmaamary8181 3 years ago
I have the same problem with a Linux user agent (Debian)
@pawelsmierciak2559 3 years ago
@karlmaamary8181 Well, I have solved it - all is ok - you need to switch from stable to sid and in sid everything is patched
@karlmaamary8181 3 years ago
@pawelsmierciak2559 Thank you!
@nopromises884 2 years ago
Geolocation is not shown when I ssh and put some wrong password, please help me out
@taylorwalton_socfortress 2 years ago
Hey, what does the raw log of a failed ssh login look like? It could be that the source IP is not being identified as a Geolocation field. What version of SSH are you running?