https://documentation.wazuh.com/current/docker/wazuh-container.html
Works, but one has to use 127.0.0.1 for the host macOS agent, as Docker for Mac can only listen on 127.0.0.1.
Download an OVA from: https://documentation.wazuh.com/current/virtual-machine/virtual-machine.html
Fire up VirtualBox and choose File, Import Appliance:
Find the file you downloaded:
Accept the settings and import:
Make sure you are using the Bridged Adapter. Start the VM; it should look like:
The login is root/wazuh. You need to find the IP address via "ip a":
It's been my experience that Elasticsearch doesn't always come up, so check via "systemctl status elastic.service". If it's not up, do "systemctl restart elastic.service" and check via status again.
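The check, restart and re-check step above, as an added shell example that is not part of the original walkthrough. The function name `ensure_service_up` and the timeout values are assumptions; the unit name is the one the text uses. Run it as root on the VM.

```bash
#!/usr/bin/env bash
# Added example: make sure a systemd unit on the Wazuh VM is running,
# restarting it once if it is down and waiting for it to become active.
# Assumption: the unit name is passed in; the page uses "elastic.service".

# ensure_service_up UNIT [TIMEOUT_SECONDS] [POLL_SECONDS]
# Returns 0 if UNIT is active (possibly after one restart), 1 otherwise.
ensure_service_up() {
    local unit="$1" timeout="${2:-120}" poll="${3:-5}" waited=0

    # Already running: nothing to do.
    if systemctl is-active --quiet "$unit"; then
        echo "$unit is active"
        return 0
    fi

    echo "$unit is not active, restarting"
    if ! systemctl restart "$unit"; then
        echo "restart of $unit failed" >&2
        return 1
    fi

    # "restart" can return before the service is ready, so poll the state
    # instead of trusting a single status check right afterwards.
    while [ "$waited" -lt "$timeout" ]; do
        if systemctl is-active --quiet "$unit"; then
            echo "$unit is active after restart (${waited}s)"
            return 0
        fi
        sleep "$poll"
        waited=$((waited + poll))
    done

    # Still down: show the unit status so the failure reason is visible.
    echo "$unit still not active after ${timeout}s" >&2
    systemctl status "$unit" --no-pager >&2 || true
    return 1
}

# When called with arguments, act on them: ./script.sh elastic.service
if [ "$#" -gt 0 ]; then
    ensure_service_up "$@"
fi
```

A non-zero exit means the unit never reached the active state within the timeout, in which case the status output printed to stderr is the place to look before trying the web interface.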
Now, you should be able to get the login screen via your browser at https://<the IP address of the VM>. You will get the warning; this is one of the few times you should accept the risk as it's a VM on your own machine with a self-signed certificate.
You can now log in to Wazuh with admin/admin.
After some checks, you'll see the home screen. It shows zero agents, so you'll need to "Add agent".
This will give you a command you need to issue in PowerShell, which you have to run as administrator.
Paste the command; a number of shells will pop up briefly as the client is installed.
Now, you should be able to go to the Wazuh home screen and see that the agent is communicating.
A good place to start is the "Security configuration assessment" for the agent.