Cybersecurity Home Lab with Wazuh!

In today's rapidly evolving digital landscape, cybersecurity is more critical than ever. That's why I'm excited to share with you the power of Wazuh, an open-source security monitoring platform that I've been exploring.

What is Wazuh?

Wazuh provides real-time threat detection, intrusion detection, vulnerability detection, and security information and event management (SIEM) capabilities. It helps organizations stay one step ahead of cyber threats and provides the peace of mind needed in our interconnected world.

Key Features

  • Real-time threat detection and analysis.
  • Centralized log analysis for complete visibility.
  • Easy integration with existing security tools.
  • Extensible and open-source nature for customization.
  • Continuous development and a vibrant community.

Quick way to set it up

  1. Download an Ubuntu VM and spin it up; remember to sync the date/time to NTP.
  2. Install Docker:
       # apt install docker.io
  3. Start Docker and enable it to run at boot time:
       # systemctl start docker
       # systemctl enable docker
  4. Install Docker Compose:
       # curl -L "https://github.com/docker/compose/releases/download/1.28.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
       # chmod +x /usr/local/bin/docker-compose
       # sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
       # docker-compose --version
  5. Configure parameters:
       # sysctl -w vm.max_map_count=262144
  6. Clone the repo and cd into the Wazuh folder:
       # git clone https://github.com/wazuh/wazuh-docker.git -b v4.2.6 --depth=1
  7. Generate certificates. We need to generate SSL certs to secure Elasticsearch, Kibana, and Nginx traffic.
     Elasticsearch:
       # docker-compose -f generate-opendistro-certs.yml run --rm generator
     Kibana:
       # bash ./production_cluster/kibana_ssl/generate-self-signed-cert.sh
     Nginx:
       # bash ./production_cluster/nginx/ssl/generate-self-signed-cert.sh
  8. We are now ready to deploy 1 Wazuh master, 1 Wazuh worker, 3 Elasticsearch nodes, 1 Kibana instance and 1 Nginx instance:
       # docker-compose -f production-cluster.yml up -d
  9. Now run ifconfig and note the main IP address of the VM.
  10. Open a browser and go to https://<ip address of your VM>. You will get a warning about the self-signed certificate; get past that and log in to Wazuh with the credentials admin/SecretPassword.
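Before running step 8 it is worth confirming that steps 1, 3, 4 and 5 actually took effect, because the Elasticsearch containers crash-loop silently when vm.max_map_count is too low and the self-signed certificates from step 7 are rejected as "not yet valid" when the VM clock is wrong. The pre-flight script below is an added example written for this post, not code from the wazuh-docker project. Its helper functions are pure (they take captured command output as text and return 0 or 1), so they can be tested offline; the live checks run only when the WAZUH_PREFLIGHT_RUN variable (a name chosen here, not something Wazuh defines) is set to 1. It also resolves the VM's main IPv4 address with ip route, since ifconfig is frequently not installed on recent Ubuntu images. Note that admin/SecretPassword from step 10 is the well-known default shipped with the compose files; change it before the lab is exposed to anything other than your own workstation.

```shell
#!/usr/bin/env bash
# Added pre-flight check for the Wazuh Docker lab (example code for this post,
# not part of the wazuh-docker project). Pure helpers take captured text so they
# can be exercised offline; live checks run only with WAZUH_PREFLIGHT_RUN=1
# (an environment variable name chosen for this script, not defined by Wazuh).

# Step 5: Elasticsearch refuses to start when vm.max_map_count is below this.
REQUIRED_MAP_COUNT=262144

map_count_ok() {
  # $1: value read from `sysctl -n vm.max_map_count`; non-numeric input fails.
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

compose_version_ok() {
  # $1: first line of `docker-compose --version`, e.g.
  #     "docker-compose version 1.28.3, build 4a1fbb9"  (v1 binary from step 4)
  #     "Docker Compose version v2.20.2"                (v2 plugin)
  # Returns 0 when the version is 1.28 or newer (the release the post pins).
  local ver major minor
  ver=$(printf '%s\n' "$1" | sed -nE 's/.*version v?([0-9]+)\.([0-9]+).*/\1 \2/p')
  [ -n "$ver" ] || return 1
  major=${ver% *}
  minor=${ver#* }
  [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 28 ]; }
}

ntp_synced() {
  # $1: full output of `timedatectl`. Accepts both the newer
  # "System clock synchronized: yes" and the older "NTP synchronized: yes" line.
  printf '%s\n' "$1" | grep -qiE '^[[:space:]]*(System clock synchronized|NTP synchronized):[[:space:]]*yes'
}

primary_ipv4() {
  # $1: output of `ip -4 route get 1.1.1.1`; prints the source address, which is
  # the VM IP that step 9 asks for (a route lookup only, no traffic is sent).
  printf '%s\n' "$1" | sed -nE 's/.* src ([0-9.]+).*/\1/p' | head -n1
}

preflight() {
  # Live checks against this host; returns 1 if any step still needs attention.
  local rc=0 v
  v=$(sysctl -n vm.max_map_count 2>/dev/null)
  if map_count_ok "$v"; then echo "ok   vm.max_map_count=$v"
  else echo "FAIL vm.max_map_count=${v:-unset}, need >= $REQUIRED_MAP_COUNT (step 5)"; rc=1; fi

  if [ "$(systemctl is-active docker 2>/dev/null)" = active ]; then echo "ok   docker service active"
  else echo "FAIL docker service not active (step 3)"; rc=1; fi

  v=$(docker-compose --version 2>/dev/null | head -n1)
  if compose_version_ok "$v"; then echo "ok   $v"
  else echo "FAIL docker-compose missing or older than 1.28 (step 4)"; rc=1; fi

  if ntp_synced "$(timedatectl 2>/dev/null)"; then echo "ok   clock is NTP-synchronised"
  else echo "FAIL clock is not NTP-synchronised (step 1)"; rc=1; fi

  v=$(primary_ipv4 "$(ip -4 route get 1.1.1.1 2>/dev/null)")
  echo "info once the stack is up, browse to https://${v:-<ip address of your VM>}"
  return $rc
}

if [ "${WAZUH_PREFLIGHT_RUN:-0}" = 1 ]; then
  preflight
fi
```

Save it as preflight.sh and run `WAZUH_PREFLIGHT_RUN=1 bash preflight.sh` after step 7; a non-zero exit means one of the earlier steps has to be repeated before `docker-compose -f production-cluster.yml up -d`.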

I've been impressed with Wazuh's capabilities, and I encourage all my fellow cybersecurity enthusiasts to explore how it can strengthen your defense strategies. Let's keep our digital world safe together!

#Cybersecurity #ThreatDetection #Wazuh #SecurityMonitoring
