1.SIEM Deployment

Uploaded by

Laura kiyuna
SIEM Deployment
Wazuh AIO Under Debian

With Ali Ali


SIEM Installation
Wazuh AIO Under Debian V12:

1. Download and run the Wazuh installation assistant script:

# curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

2. The following error may appear when installing on Debian. The sudo package must be installed:

# apt install sudo


3. After that, we execute the command, and on Debian the message “The current system does not match this list” appears.

4. This error can be resolved by skipping the matching-list check with the -i option:

# curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

5. After the command is executed, it installs the following:

--- Configuration files ---
--- Wazuh server ---
--- Wazuh dashboard ---
5. When the installation finishes, we can check the status of the Wazuh manager with this command:
# systemctl status wazuh-manager
6. Logging in to the Wazuh dashboard:


Install Agent

7. Deploying Wazuh agents on Linux (Debian)

• First: using the commands from https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-linux.html

• Install the GPG key:

# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg

• An error may appear indicating that the gpg package was not found; it can be installed as follows:
# apt install gpg -y
• Install the required GPG key:
# curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
• Add the repository:

# echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list

• Update the package information:
# apt-get update
• Run the agent installation command as follows:

# WAZUH_MANAGER="10.0.30.61" WAZUH_AGENT_NAME="deb-test" apt install wazuh-agent

• Enable and start the Wazuh agent service:

# systemctl daemon-reload
# systemctl enable wazuh-agent
# systemctl start wazuh-agent
# systemctl status wazuh-agent
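
systemctl status only shows that the agent service is running, not that it reached the manager. The following added example (not part of the original slides) reads the agent's ossec.conf and wazuh-agentd.state file to confirm that it points at the expected manager (10.0.30.61 here) and reports a connected status. The function names and the sample files are constructed for illustration; the default paths assume a standard Wazuh agent install under /var/ossec.

```shell
#!/bin/sh
# Added example: verify which manager a Wazuh agent reports to and whether
# it is connected. Function names are illustrative, not Wazuh tooling.

# Print the first <address> value found in an ossec.conf file.
agent_manager_address() {
    sed -n 's:.*<address>\([^<]*\)</address>.*:\1:p' "$1" | head -n 1
}

# Print the status value (pending, connected, disconnected) from the state file.
agent_state() {
    sed -n "s/^status='\([a-z]*\)'.*/\1/p" "$1" | head -n 1
}

# check_agent EXPECTED_MANAGER [OSSEC_CONF] [STATE_FILE]
# Returns 0 if the manager matches and status is connected, 1 on a failed
# check, 2 if a file cannot be read (reading the real files needs root).
check_agent() {
    expected=$1
    conf=${2:-/var/ossec/etc/ossec.conf}
    state_file=${3:-/var/ossec/var/run/wazuh-agentd.state}
    for f in "$conf" "$state_file"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    done
    actual=$(agent_manager_address "$conf")
    if [ "$actual" != "$expected" ]; then
        echo "manager mismatch: configured '$actual', expected '$expected'" >&2
        return 1
    fi
    state=$(agent_state "$state_file")
    if [ "$state" != "connected" ]; then
        echo "agent not connected (status: ${state:-unknown})" >&2
        return 1
    fi
    echo "agent reports to $actual and is connected"
}

# Constructed sample files (not real agent output) so the check runs anywhere.
demo_dir=$(mktemp -d)
printf '%s\n' '<ossec_config>' '  <client>' '    <server>' \
    '      <address>10.0.30.61</address>' '    </server>' '  </client>' \
    '</ossec_config>' > "$demo_dir/ossec.conf"
printf '%s\n' '# State file for wazuh-agentd' "status='connected'" \
    > "$demo_dir/wazuh-agentd.state"
check_agent 10.0.30.61 "$demo_dir/ossec.conf" "$demo_dir/wazuh-agentd.state"
```

On a real agent, running check_agent 10.0.30.61 as root uses the default paths.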
• Deploying Wazuh agents (Debian 10) by downloading the .deb package directly and installing it with the required environment parameters:
• From Wazuh:
  - Deploy new agent, select DEB amd64. Server address: assign a server address: 10.0.30.61
  - Optional settings: assign an agent name: deb1010-test
  - After that, Wazuh generates the commands to download and install the agent.
  - Run the following command on the Linux host:
# wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.2-1_amd64.deb && sudo WAZUH_MANAGER='10.0.30.61' WAZUH_AGENT_NAME='deb10-test' dpkg -i ./wazuh-agent_4.7.2-1_amd64.deb
• Start the agent:

# sudo systemctl daemon-reload
# sudo systemctl enable wazuh-agent
# sudo systemctl start wazuh-agent

8. Agent on Windows 10:
• From Wazuh, deploy new agent, select Windows. Server address: assign a server address: 10.0.30.61
• Optional settings: assign an agent name: win10-test
• After that, Wazuh generates the commands to download and install the agent.
• Run the following command on the Windows 10 host using PowerShell running as Administrator:
Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.2-1.msi -OutFile ${env:tmp}\wazuh-agent; msiexec.exe /i ${env:tmp}\wazuh-agent /q WAZUH_MANAGER='10.0.30.61' WAZUH_AGENT_NAME='win10-test' WAZUH_REGISTRATION_SERVER='10.0.30.61'
• Start the agent:
NET START WazuhSvc
It’s NOT BUSINESS, It’s Very PERSONAL
Questions

Ali Ali
