Monday, July 19, 2021

Wazuh on Windows using docker

You can ignore the memory instructions athttps://documentation.wazuh.com/current/docker/wazuh-container.html and just bring up a git bash shell from https://git-scm.com/download/win

git clone https://github.com/wazuh/wazuh-docker.git - b v4.1.5 --depth=1
cd wazuh-docker
docker-compose up

You'll need to install an agent on the host and point it to localhost. Here's the command that the "Add agent" gives you for a privileged PowerShell: 

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.5-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='localhost' WAZUH_REGISTRATION_SERVER='localhost' WAZUH_AGENT_GROUP='default'

If the agent doesn't seem to register, do:

C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m localhost

Check the log for errors etc via:

more 'C:\Program Files (x86)\ossec-agent\ossec.log'

If you need to remove an existing agent to try again, do:

msiexec.exe /x wazuh-agent.msi /qn 

No comments: