SIEM Project Lab Setup | Part 5 | Install Wazuh OVA Appliance
In this multipart walkthrough series, I demonstrate how to set up a virtual home lab that can be used to practice your cybersecurity skills. The home lab involves using a Security Information and Event Management (SIEM) system within Oracle VirtualBox. The SIEM that we are using for this lab is Wazuh, which is also what we are installing today. In my last article (which you can read here), I showed you how to download and install a pfSense router/firewall Virtual Machine (VM) onto VirtualBox.
Our virtual home lab is going to include two Linux VMs, a router/firewall, and a SIEM tool to help capture log activity generated by the other network components. Since we now have the aforementioned components, we are going to install the Wazuh Open Virtual Appliance (OVA), which according to Wazuh, contains: Amazon Linux 2, Wazuh Manager, Wazuh indexer, Filebeat-OSS and Wazuh dashboard. Compared to previous installs, this one actually doesn't involve as much work, which at this point in the series I'm sure you'll enjoy! With that in mind, let's do it!
Step 1: Go to Google and type in "Wazuh OVA download"
Step 2: Click on Virtual Machine (OVA) - Installation Alternatives
Step 3: On the Wazuh download page, click the "virtual appliance (OVA)" link to download the OVA.
Once the file downloads, I recommend you create a folder on your desktop and label it VirtualBox VMs so that you can easily locate it when it is time to load it into VirtualBox. If you created one when I recommended it in previous VM installs, then you may move the OVA to the folder you already made.
Step 4: Open the Oracle VirtualBox Manager, click on File, Import Appliance.
Note: if this is the first article that you've read in this series and you don't have VirtualBox set up, you can go back to Part 1 of the series and it will help you set it up.
Next, click on the folder icon with the upward facing green arrow. Locate your OVA file and then click Finish. It will take a minute or two for the OVA to import into VirtualBox.
The cool thing about this OVA is that there isn't much to configure. You just start the virtual machine and it pretty much does what it's supposed to out of the box. There are one or two settings that we need to adjust in VirtualBox though, which we will do now.
Step 5: In VirtualBox Manager, click on the Wazuh OVA and then click the Settings icon near the top middle of the window.
Step 6: Click on Network, Adapter 1, then make sure that Adapter 1 is enabled. Click the dropdown next to "Attached to:" and select Bridged Adapter. Eventually we will change this to Internal Network, but for now, the Wazuh OVA has to have a real internet connection in order to set itself up properly. I'll explain more in a future article in this series.
Step 7: Still in the settings menu for the OVA, click on Display. Click the "Graphics Controller" dropdown and change it to "VMSVGA." The reason for this is that Wazuh says that the display will freeze up in the VM window if this setting isn't enabled. Once the Display is set to VMSVGA, click OK.
Step 8: Double click the Power button icon to turn on the VM
You'll notice a lot of setup scripts will auto run in the VM window. That's perfectly normal. You may see an error or two as the OVA sets itself up but that's normal as well and won't cause any issues.
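Steps 4 through 8 can also be run from the host's command line with VBoxManage. The script below is an added example, not part of the original walkthrough: it refuses to import unless the OVA matches a SHA-512 checksum file, which it assumes you downloaded alongside the OVA. The file names, VM name and host interface in the usage line are placeholders.

```shell
#!/usr/bin/env bash
# Added example: scripted equivalent of Steps 4-8 with an integrity check first.
# File names, VM name and host interface are placeholders, not values from the article.

# Compare the OVA's SHA-512 with the first field of the checksum file.
# Fails if the checksum file is empty or the digests differ.
verify_ova() {
    ova=$1; sumfile=$2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    actual=$(sha512sum "$ova" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Import the appliance, then apply the Step 6 (bridged NIC) and
# Step 7 (VMSVGA graphics controller) settings.
import_wazuh() {
    ova=$1; vm=$2; hostif=$3
    VBoxManage import "$ova" --vsys 0 --vmname "$vm" || return 1
    VBoxManage modifyvm "$vm" --nic1 bridged --bridgeadapter1 "$hostif" || return 1
    VBoxManage modifyvm "$vm" --graphicscontroller vmsvga || return 1
}

main() {
    ova=$1; sumfile=$2; vm=$3; hostif=$4
    if ! verify_ova "$ova" "$sumfile"; then
        echo "SHA-512 mismatch for $ova: not importing" >&2
        return 1
    fi
    import_wazuh "$ova" "$vm" "$hostif" || return 1
    VBoxManage startvm "$vm" --type gui   # Step 8: power on
}

# Usage: ./import-wazuh.sh wazuh.ova wazuh.ova.sha512 Wazuh-SIEM <host-interface>
# `VBoxManage list bridgedifs` shows the valid host interface names.
if [ "$#" -eq 4 ]; then
    main "$@"
fi
```
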
Step 9: After a few moments you'll see the Welcome screen in the VM Window. The VM will display the default username and password. Go ahead and punch it in on the open login line. Make sure you type in "wazuh-user" including the dash "-" between "wazuh" and "user" or your login will fail. Be aware that the password field won't show what you're typing in, that is normal.
Note: when you click the virtual machine to type in credentials or commands, your mouse pointer will vanish. To get it back so that you can use your mouse pointer with your computer, just press the Ctrl button on the right side of your keyboard, which is probably two buttons below your "Enter" key.
Step 10: Once you first log in, the Wazuh VM will let you know that updates are available and to type in "sudo yum update" to apply the updates. Go ahead and punch in "sudo yum update" all in lowercase, then press Enter.
A bunch of scripts will run, then it will ask "Is this ok [y/d/N]:" Type "y" for "yes" and then press Enter. Once again, you'll see a bunch of scripts run. Feel free to sit back and let it do what it needs to do for a few moments.
Once you see the word "Complete!" on the bottom left of the console as you see below, Wazuh has been successfully installed! Nice work!
As mentioned earlier, that is pretty much it as far as getting the Wazuh server installed. In my next article we are going to get a network diagram drawn up with the help of Draw.io and we will go ahead and create a subnet to get the network fully up and running! Feel free to share in the comments if you're having any trouble.
I also hope that you got a lot of value out of this walkthrough. If you did, please consider sharing this article with someone who you think could also get value out of this presentation today.
I hope you all have a wonderful day and feel free to check out the next part of the series below!