You can ignore the memory instructions athttps://documentation.wazuh.com/current/docker/wazuh-container.html and just bring up a git bash shell from https://git-scm.com/download/win
git clone https://github.com/wazuh/wazuh-docker.git - b v4.1.5 --depth=1
cd wazuh-docker
docker-compose up
You'll need to install an agent on the host and point it to localhost. Here's the command that the "Add agent" gives you for a privileged PowerShell:
Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.1.5-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='localhost' WAZUH_REGISTRATION_SERVER='localhost' WAZUH_AGENT_GROUP='default'
If the agent doesn't seem to register, do:
C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m localhost
Check the log for errors etc via:
more 'C:\Program Files (x86)\ossec-agent\ossec.log'
If you need to remove an existing agent to try again, do:
msiexec.exe /x wazuh-agent.msi /qn
No comments:
Post a Comment