Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
We need you! These exercises are created and maintained in collaboration with people like you. If you find any errors or typos, please contribute and/or report them.
This exercise comprises three stages:
Wazuh can generate real-time alerts based on events collected from endpoints, allowing you to act quickly on security incidents. This is crucial for an effective EDR, as it enables security teams to investigate and respond to threats before they cause damage. Let's start with the installation based on VirtualBox.
Graphics Controller
section, select VMSVGA
.1user: wazuh-user 2password: wazuh
1sudo -i
1https:<IP_DE_TU_MAQUINA>/app/login
💡 You can do this from your host machine.
1user: admin 2password: admin
To perform a test with Wazuh as an EDR, you can add some endpoints (machines with Wazuh agents) that will simulate network activity.
Agents in Wazuh are software installed on endpoints, such as servers, workstations, or devices, to monitor the security of those systems. These agents collect security data and events from the endpoints and send them to the Wazuh Manager, where they are analyzed to detect threats, vulnerabilities, and anomalies.
1sudo systemctl daemon-reload 2sudo systemctl enable wazuh-agent 3sudo systemctl start wazuh-agent
If everything goes well, click close and look for the active agents in the panel. You will see a view like this.
To monitor changes and events in the Wazuh dashboard using the EDR functionality, you can perform several actions on your Kali system that will generate alerts and events.
After performing these actions, you can check the Wazuh dashboard under the Threat Hunting
option for the specific endpoint. You will see something like this:
⚠ The Wazuh dashboard updates automatically every 15 minutes. If you don’t see the changes reflected immediately, wait until the next automatic update. If after 15 minutes you still don’t see the changes, check the agent logs to ensure there are no errors in the configuration or in the connection to the server.
You’re all set, you’ve successfully installed Wazuh and used it as an EDR! 😎
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr
Difficulty
intermediate
Average duration
3 hrs
Technologies
linux
cybersecurity
penetration testing
wazuh
siem
edr