    • notverypunny

      Wazuh Windows Folder Access Monitoring
      IT Discussion • wazuh • • notverypunny

      Votes: 1 • Posts: 1 • Views: 146

      No one has replied

    • scottalanmiller

      Wazuh with Agents with Overlapping IP Addresses
      IT Discussion • wazuh wazuh agent • • scottalanmiller

      Votes: 1 • Posts: 7 • Views: 554

      scottalanmiller

      https://groups.google.com/forum/#!topic/wazuh/qTwOj_MQHNU

    • DustinB3403

      Unsolved Wazuh Agent Dashboard
      IT Discussion • wazuh dashboard • • DustinB3403

      Votes: 0 • Posts: 1 • Views: 147

      No one has replied

    • DustinB3403

      Kibana Wazuh Agent isn't showing anything in integrity
      IT Discussion • wazuh wazuh-manager windows syscheck • • DustinB3403

      Votes: 0 • Posts: 32 • Views: 1030

      DustinB3403

      @IRJ said in Kibana Wazuh Agent isn't showing anything in integrity:

      @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity:

      Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length.

      Error code: SSL_ERROR_RX_RECORD_TOO_LONG

      server {
          listen 80;
          listen [::]:80;
          listen 5601;
          listen [::]:5601;
          return 301 https://$host$request_uri;
      }

      server {
          listen 443 ssl;
          listen [::]:443;
          ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
          ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
          access_log /var/log/nginx/nginx.access.log;
          error_log /var/log/nginx/nginx.error.log;
          location / {
              auth_basic "Restricted";
              auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
              proxy_pass http://localhost:5601/;
          }
      }

      Why are you listening on 5601?

      proxy_pass http://localhost:5601/; will redirect 5601 to 443

      That is no longer in the file, I was testing with it. The below is current.

      server {
          listen 80;
          listen [::]:80;
          return 301 https://$host$request_uri;
      }

      server {
          listen 443 ssl;
          listen [::]:443;
          ssl on;
          ssl_certificate /etc/pki/tls/certs/kibana-access.pem;
          ssl_certificate_key /etc/pki/tls/private/kibana-access.key;
          access_log /var/log/nginx/nginx.access.log;
          error_log /var/log/nginx/nginx.error.log;
          location / {
              auth_basic "Restricted";
              auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
              proxy_pass http://localhost:5601/;
    • DustinB3403

      Kibana Wazuh - No login page option
      IT Discussion • wazuh wazuh-manger httpd • • DustinB3403

      Votes: 0 • Posts: 14 • Views: 665

      DustinB3403

      This is how you change the password.

    • DustinB3403

      Unsolved SCA grub2-setpassword not registering as passing
      IT Discussion • wazuh centos 7 sca • • DustinB3403

      Votes: 0 • Posts: 3 • Views: 128

      DustinB3403

      While I would generally agree with that, it feels as if I'm just missing 1 step to this process.

    • DustinB3403

      Solved Wazuh - operational and can add agents - now what
      IT Discussion • wazuh windows log management alerts • • DustinB3403

      Votes: 1 • Posts: 23 • Views: 1409

      IRJ

      @DustinB3403 said in Wazuh - operational and can add agents - now what:

      @IRJ said in Wazuh - operational and can add agents - now what:

      So you already filtered it. Just click discover on top right

      Doh that is so easy that I didn't even think that was it.

      @DustinB3403


    • IRJ

      Monitoring services on wazuh
      IT Discussion • wazuh automation services linux • • IRJ

      Votes: 2 • Posts: 1 • Views: 309

      No one has replied

    • IRJ

      Testing Suricata with Wazuh in a VM test environment - Installation
      IT Discussion • suricata wazuh wazuh-manager nids hids elk • • IRJ

      Votes: 3 • Posts: 1 • Views: 2199

      No one has replied

    • IRJ

      Wazuh - Configuring Custom Rules Based on Hostname
      IT Discussion • wazuh siem • • IRJ

      Votes: 3 • Posts: 2 • Views: 509

      IRJ

      It sucks that you can't create rules by group yet. The devs have submitted a feature request for it on my behalf so hopefully soon 🙂

    • IRJ

      Wazuh - Configuring Groups for Centralized Management
      IT Discussion • wazuh • • IRJ

      Votes: 3 • Posts: 1 • Views: 298

      No one has replied

    • IRJ

      Wazuh Manager Install - Ubuntu
      IT Discussion • wazuh ubuntu linux wazuh-manager • • IRJ

      Votes: 3 • Posts: 3 • Views: 1931

      IRJ

      @wirestyle22 said in Wazuh Manager Install - Ubuntu:

      A few things:

      The manager label is wrong. It says manger instead of manager.

      @IRJ said in Wazuh Manager Install - Ubuntu:

      Install Filebeat

      There are two entries for "Install Filebeat"

      I tried to install Filebeat going command by command and it can't find it.

      Thanks I fixed the guide.

      What you need to do is this:

      #***********************************************************
      # Install GPG keys and add repository
      #***********************************************************
      curl -s https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
      echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list

      #***********************************************************
      # APT Update
      #***********************************************************
      sudo apt update

      #***********************************************************
      # Install Filebeat
      #***********************************************************
      sudo apt install -y filebeat=6.7.1

      #***********************************************************
      # Download Filebeat config file to forward logs
      #***********************************************************
      sudo curl -so /etc/filebeat/filebeat.yml https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml

      #***********************************************************
      # Edit Filebeat config file to point to Elastic Server IP (In this lab environment I am using 127.0.0.1)
      #***********************************************************
      sed -i 's/YOUR_ELASTIC_SERVER_IP/192.168.122.181/' /etc/filebeat/filebeat.yml

      #***********************************************************
      # Start Filebeat service and configure it to automatically start at boot
      #***********************************************************
      sudo systemctl daemon-reload
      sudo systemctl enable filebeat.service
      sudo systemctl start filebeat.service

      Make sure to change 192.168.122.181 to your IP or localhost if you are using a single server for Wazuh and ELK.

    • IRJ

      Wazuh Agent Install - CentOS
      IT Discussion • wazuh centos linux • • IRJ

      Votes: 4 • Posts: 4 • Views: 649

      travisdh1

      @JaredBusch said in Wazuh Agent Install - CentOS:

      Why are you disabling agent updates?

      Wazuh doesn't understand how to maintain their own repository, so when OSSIM updates their stuff, it breaks Wazuh. It's silly, easily fixable, and I don't have the time to maintain the thing myself.

    • IRJ

      Wazuh Agent Install - Ubuntu
      IT Discussion • wazuh linux ubuntu • • IRJ

      Votes: 2 • Posts: 1 • Views: 828

      No one has replied

    • IRJ

      HIDS for Docker Host
      IT Discussion • wazuh docker hids intrustion dectection • • IRJ

      Votes: 1 • Posts: 1 • Views: 138

      No one has replied

    • wrx7m

      Installing Java/JRE on Fedora 29 - Error Conflicting Requests
      IT Discussion • fedora29 java 8 jre rpm wazuh • • wrx7m

      Votes: 2 • Posts: 23 • Views: 2639

      wrx7m

      @JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @JaredBusch said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @scottalanmiller said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      @wrx7m said in Installing Java/JRE on Fedora 29 - Error Conflicting Requests:

      OK. I found I could run

      yum install java-1.8.0-openjdk

      to install version 8. After that, I was able to install logstash successfully.

      Is there a reason that you want an old version?

      Also wtf are you using yum for?

      It's wazuh's documentation. They have specific repos for other things too. Not sure why they are still using yum instead of dnf.

      Pull your head out of your ass and don't blindly type what any guide says. Even one of mine.

      If you are using Fedora, you use dnf period. Yes, currently Fedora still has a reroute/alias for it to dnf, but you should not assume it will be there.


      #chilloutbro You can leave off the first part of that sentence and still provide a constructive answer.

      You need to think, and you, clearly, are not. So yeah, perfectly fitting.

      So if I didn't know, it has nothing to do with not thinking. I just didn't know. Now I do.

    • wrx7m

      Solved Wazuh - Agents.Error. globalAgent is null
      IT Discussion • wazuh fedora 28 • • wrx7m

      Votes: 2 • Posts: 5 • Views: 496

      wrx7m

      @IRJ said in Wazuh - Agents.Error. globalAgent is null:

      @wrx7m said in Wazuh - Agents.Error. globalAgent is null:

      I didn't get the error when looking at the list of agents today. Looks like the update or reboot of the Wazuh server fixed it.

      I know this is a necropost, but it's good to mention that mismatched versions of manager and agent will almost always cause issues. It is recommended to comment out the repository until you are ready to update agents and manager at the same time.

      That is interesting. I have been upgrading some of the agents on Linux systems when they are released, and later, upgrading the server side (I comment out/disable the repos for the server side, per their docs).

    • wrx7m

      Solved Wazuh on Fedora 28
      IT Discussion • wazuh fedora28 • • wrx7m

      Votes: 1 • Posts: 10 • Views: 873

      JaredBusch

      @wrx7m said in Wazuh on Fedora 28:

      Thanks @JaredBusch

      That seems to have solved the initial problem. For other newbs - After disabling SELinux, you should reboot.

      Well, that depends on how you disable it.

    • NetworkNerd

      Wazuh and the ELK Stack - Check My Logic, Please
      IT Discussion • centos kibana wazuh centos 7 elk • • NetworkNerd

      Votes: 0 • Posts: 3 • Views: 938

      NetworkNerd

      After asking the Wazuh employee I had been speaking to about Kibana 5.6.3, the GitHub repo was updated to include it.