
Wazuh: Installation and Endpoint Configuration to protect your machines with this endpoint detection and response agent

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

  • siem

  • cybersecurity

  • linux

  • pentesting

  • edr

  • wazuh


Before you start...

We need you! These exercises are created and maintained in collaboration with people like you. If you find any errors or typos, please contribute and/or report them.

🌱 How to Start This Project

This exercise comprises three stages:

  • Download and install Wazuh from a virtual machine (according to the official documentation).
  • Download and install the Wazuh agent on another machine/endpoint (in this case, we will use Kali Linux).
  • Evaluate or monitor the EDR (Endpoint Detection and Response) of the Kali machine on the Wazuh dashboard.

📝 Instructions

Install Wazuh on a Machine to Use as a Server

Wazuh can generate real-time alerts based on events collected from endpoints, allowing you to act quickly on security incidents. This is crucial for an effective EDR, as it enables security teams to investigate and respond to threats before they cause damage. Let's start with the installation based on VirtualBox.

  1. Download the Wazuh OVA image.
  2. Change the graphics controller in VirtualBox. Turn off the virtual machine if it is running and go to the machine's settings in VirtualBox. Navigate to the Display section, and in the Graphics Controller section, select VMSVGA.
  3. Save the changes, reboot the virtual machine, and log in with the credentials provided in the official documentation.

     user: wazuh-user
     password: wazuh

  4. Run the following commands to update the machine:

     sudo -i

  5. Find the machine's IP and use the obtained IP to access the Wazuh dashboard from a browser using the following URL:

     https://<IP_DE_TU_MAQUINA>/app/login

💡 You can do this from your host machine.

image 1

  6. Finally, log in to the Wazuh interface with the credentials provided in the documentation.

     user: admin
     password: admin

Configure the Endpoints

To perform a test with Wazuh as an EDR, you can add some endpoints (machines with Wazuh agents) that will simulate network activity.

Agents in Wazuh are software installed on endpoints, such as servers, workstations, or devices, to monitor the security of those systems. These agents collect security data and events from the endpoints and send them to the Wazuh Manager, where they are analyzed to detect threats, vulnerabilities, and anomalies.

Install and configure the Wazuh agent on Linux (in our case, Kali Linux)

  1. In the Server management > Endpoints summary option, add a new agent. You will see a view like this.

image 2

  2. Select the operating system of the endpoint you want to add, its architecture, the IP address of the Wazuh server we created earlier, and a label/name for that endpoint. Once done, it will generate a command for you to run on the endpoint (in our case, the Linux machine).

image 3

  3. Once you have pasted the command generated by Wazuh and the installation is complete, run the following commands on the same endpoint machine:

     sudo systemctl daemon-reload
     sudo systemctl enable wazuh-agent
     sudo systemctl start wazuh-agent

If everything goes well, click close and look for the active agents in the panel. You will see a view like this.

image 4

Monitor Activity in the Wazuh Dashboard

To monitor changes and events in the Wazuh dashboard using the EDR functionality, you can perform several actions on your Kali system that will generate alerts and events.

Threat Simulation

After performing these actions, you can check the Wazuh dashboard under the Threat Hunting option for the specific endpoint. You will see something like this:

image 5

⚠ The Wazuh dashboard updates automatically every 15 minutes. If you don’t see the changes reflected immediately, wait until the next automatic update. If after 15 minutes you still don’t see the changes, check the agent logs to ensure there are no errors in the configuration or in the connection to the server.
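One way to do the agent-log check mentioned above, as an added example that is not part of the original exercise: it reports whether the agent's most recent connection message was a success or a failure and lists its error lines. The log path is the default of a packaged Linux agent install, and the sample lines and message patterns are constructed, modelled on typical wazuh-agentd messages (assumptions).

```bash
#!/usr/bin/env bash
# Added example: classify the Wazuh agent's link to the manager from its log.
# Assumption: default agent log location of a packaged Linux install.
AGENT_LOG="${AGENT_LOG:-/var/ossec/logs/ossec.log}"

# agent_link_state FILE -> prints connected | disconnected | unknown.
# The most recent wazuh-agentd connection message wins, so an early error
# followed by a successful reconnect is reported as "connected".
agent_link_state() {
  awk '
    /wazuh-agentd/ && /Connected to the server/ { state = "connected" }
    /wazuh-agentd/ && /(Unable to connect|Waiting for server reply|Server unavailable)/ {
      state = "disconnected"
    }
    END { print (state == "" ? "unknown" : state) }
  ' "$1"
}

# agent_errors FILE -> prints every ERROR/CRITICAL line written by a Wazuh daemon.
agent_errors() {
  grep -E 'wazuh-[a-z]+: (ERROR|CRITICAL):' "$1" || true
}

# Constructed sample log (documentation IP range), used when no agent log exists.
make_sample_log() {
  cat <<'EOF'
2024/05/01 10:00:01 wazuh-agentd: INFO: (1410): Reading authentication keys file.
2024/05/01 10:00:02 wazuh-agentd: ERROR: (1216): Unable to connect to '[192.0.2.10]:1514/tcp': 'Connection refused'.
2024/05/01 10:00:12 wazuh-agentd: INFO: (4102): Connected to the server ([192.0.2.10]:1514/tcp).
EOF
}

log="$AGENT_LOG"
if [ ! -r "$log" ]; then
  # No readable agent log on this machine: fall back to the constructed sample.
  log="$(mktemp)"
  make_sample_log > "$log"
fi

echo "log file:   $log"
echo "link state: $(agent_link_state "$log")"
echo "errors:"
agent_errors "$log"
```

On the Kali endpoint, run it with sudo so the agent log is readable; a `disconnected` result points at the server IP entered when the agent was added or at the network path to the Wazuh server.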

You’re all set, you’ve successfully installed Wazuh and used it as an EDR! 😎
