[Security] Building and Operating a Threat Hunting System Using Wazuh+ELK (SIEM) (Basic)
[Training for Security Experts] Master how to build and operate an optimized threat hunting system by combining Wazuh and the ELK stack. Upgrade your security skills with strategies and hands-on exercises that can be applied directly in the field!
140 learners
Level Basic
Course period Unlimited

News
5 articles
Hello, this is Zeromini.
For additional reference, here is a brief overview of Wazuh deployment and SOAR implementation in a Docker environment.
I'm sharing this with you, so please use it as a reference for your studies.
We will upload the related hands-on lecture later.

Hello, this is Zeromini.
Please refer to the blog below to effectively perform threat hunting using the basic rules provided by Wazuh + Chainsaw + SigmaRule, and check the results in ELK through Wazuh Agent.
Hello, this is Zeromini.
This is a blog that briefly summarizes how to build a system using open source. Please take a look.
Thank you.

Reference links:
This content was shared by our student (Airman) regarding troubleshooting.
Troubleshooting summary: when installing Linux, the installation language must be 'English' (otherwise the unattended.sh shell script does not work properly due to encoding and other problems).

In the middle of the class, I am asked to perform an unattended installation by executing the command below, but the installation stops with an error if you installed Ubuntu in a language other than English.

curl -so ~/unattended-installation.sh https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/unattended-installation.sh && bash ~/unattended-installation.sh -i

Terminal output: No operand on line 332 in the shell script ~

Cause of the problem: line 331 of the shell script runs the free -g command, looks for the string Mem, and takes the second field from that line. That string cannot be found if the system language is something other than English, so an error occurs.

Solution: first of all, install Ubuntu in English from the beginning. If you installed Ubuntu in a different language, it is recommended to change it to English through the process below and then run the curl ~~ command.

1. Use the locale -a command to check whether en_US.UTF-8 exists.
2. If it exists: sudo update-locale LANG=en_US.UTF-8
3. If not, run sudo locale-gen en_US.UTF-8 and then run sudo update-locale LANG=en_US.UTF-8
4. Apply the system changes without rebooting. Whether or not it existed, finally run the following command: source /etc/default/locale

Of course, I could change the script content to free -g | awk 'NR==2{print $2}' without changing the language, but I don't want to go through the trouble of finding the corresponding content in the shell script. After the failure error appears, why not just run it again with the overwrite option, like bash ~/unattended-installation.sh -i --overwrite? But this also meant that in the end the clean installation did not go well, and I kept getting an error saying that something was not installed.
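As an added illustration of the locale problem described in the post above (example code written for this page, not the Wazuh installer's own script), the snippet below shows a memory check that greps for the English "Mem:" label failing on localized output, two locale-independent ways to read the value, and a validation step that fails with a clear message instead of a cryptic "no operand" error. The `free -g` outputs are constructed samples; the German row labels are an assumed translation used only for illustration.

```shell
#!/bin/sh
# Added example, not the Wazuh installer's own code: why a memory check that
# matches the English label "Mem:" breaks under a non-English locale, and how
# to make it locale-independent.

# Constructed sample of `free -g` output on an English locale.
FREE_EN='              total        used        free      shared  buff/cache   available
Mem:              7           2           3           0           1           4
Swap:             1           0           1'

# Constructed sample of the same machine under a German locale (row labels
# translated by the tool's message catalog, layout otherwise identical).
FREE_DE='              gesamt       benutzt     frei      geteilt  Puffer/Cache verfügbar
Speicher:         7           2           3           0           1           4
Swap:             1           0           1'

# Fragile check, in the spirit of the installer's line 331: match the English
# label. Prints nothing on a localized system, so a later "[ $mem -ge 2 ]"
# sees an empty operand and aborts.
mem_total_fragile() {
    printf '%s\n' "$1" | awk '/^Mem:/ { print $2 }'
}

# Robust check 1: rely on the row position instead of the translated label
# (the awk one-liner mentioned in the post).
mem_total_by_row() {
    printf '%s\n' "$1" | awk 'NR == 2 { print $2 }'
}

# Robust check 2 (live system only): force the C locale for this one command
# so the label is "Mem:" whatever the user's LANG is.
mem_total_live() {
    LC_ALL=C free -g | awk '/^Mem:/ { print $2 }'
}

# Validate before comparing: an empty or non-numeric value fails loudly with
# a message pointing at the likely cause, instead of a shell syntax error.
require_min_mem_gb() {
    mem=$1; min=$2
    case "$mem" in
        ''|*[!0-9]*) echo "could not determine total memory (locale?)" >&2; return 2 ;;
    esac
    [ "$mem" -ge "$min" ]
}

if command -v free >/dev/null 2>&1; then
    echo "live total memory: $(mem_total_live) GB"
fi
```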
This solution was shared by 'CP', a student in the lecture.
If it doesn't work, you can solve it by following the method below.
Go to Edit > Virtual Network Editor and, for 'Bridged to', select the network you are currently using instead of Automatic.


