Monday, July 19, 2021

Wazuh on Windows using docker

You can ignore the memory instructions at and just bring up a git bash shell from

git clone -b v4.1.5 --depth=1
cd wazuh-docker
docker-compose up

You'll need to install an agent on the host and point it to localhost. Here's the command that "Add agent" gives you for a privileged PowerShell:

Invoke-WebRequest -Uri -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='localhost' WAZUH_REGISTRATION_SERVER='localhost' WAZUH_AGENT_GROUP='default'

If the agent doesn't seem to register, do:

& 'C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m localhost

Check the log for errors etc via:

more 'C:\Program Files (x86)\ossec-agent\ossec.log'
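
A filter for the log check above, as an added example that is not part of the original post: it pulls ERROR, WARNING and CRITICAL lines out of ossec.log, collapses repeats, and checks whether the agent holds an enrolled key. The function names, the constructed sample log lines, and the use of client.keys in the agent directory as the enrollment marker are assumptions.

```powershell
# Added example (not from the original post). Assumes the install path used above.
function Get-WazuhLogProblem {
    param([Parameter(ValueFromPipeline)][string]$Line)
    begin {
        # "<date> <time> <source>: <LEVEL>: <message>"; INFO and DEBUG lines are skipped
        $pattern = '^(?<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?<src>\S+?): ' +
                   '(?<level>ERROR|WARNING|CRITICAL): (?<msg>.*)$'
    }
    process {
        if ($Line -cmatch $pattern) {
            [pscustomobject]@{ Time = $Matches.ts; Source = $Matches.src
                               Level = $Matches.level; Message = $Matches.msg }
        }
    }
}

function Get-WazuhLogSummary {
    param([string[]]$Lines)
    # An agent that cannot reach the manager retries, so identical lines repeat:
    # report each distinct problem once with a count and the last time it was seen.
    $Lines | Get-WazuhLogProblem | Group-Object Level, Message | ForEach-Object {
        [pscustomobject]@{
            Level    = $_.Group[0].Level
            Count    = $_.Count
            LastSeen = ($_.Group | Select-Object -Last 1).Time
            Message  = $_.Group[0].Message
        }
    } | Sort-Object Count -Descending
}

function Test-WazuhAgentRegistered {
    param([string]$AgentDir = 'C:\Program Files (x86)\ossec-agent')
    $keys = Join-Path $AgentDir 'client.keys'   # assumed enrollment marker
    if (-not (Test-Path $keys)) { return $false }
    # One line per identity: "<id> <name> <ip> <key>". The key is never printed.
    [bool](Get-Content $keys | Where-Object { ($_ -split '\s+').Count -ge 4 })
}

# Constructed sample lines so the example runs without an installed agent.
$sample = @(
    "2021/07/19 10:15:02 ossec-agent: INFO: Trying to connect to server (localhost:1514/tcp)."
    "2021/07/19 10:15:03 ossec-agent: ERROR: (1216): Unable to connect to '127.0.0.1:1514/tcp'."
    "2021/07/19 10:15:13 ossec-agent: ERROR: (1216): Unable to connect to '127.0.0.1:1514/tcp'."
    "2021/07/19 10:15:20 ossec-agent: WARNING: (4101): Waiting for server reply (not started)."
)
Get-WazuhLogSummary -Lines $sample | Format-Table -AutoSize

# On the host itself:
# Test-WazuhAgentRegistered
# Get-WazuhLogSummary -Lines (Get-Content 'C:\Program Files (x86)\ossec-agent\ossec.log' -Tail 500)
```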

If you need to remove an existing agent to try again, do:

msiexec.exe /x wazuh-agent.msi /qn 
