Complete SIEM Deployment in One Go: First Steps in Threat Hunting Using Wazuh and ELK (Basics)
From Theory to the Field: Proving the Core Competencies of a Security Expert through a Wazuh + ELK SIEM Implementation
Design and operate a Threat Hunting system, the core of security monitoring, firsthand. Through hands-on practice based on real-world attack scenarios, become a professional security engineer capable of delivering immediate results in the field.
143 learners | Level: Basic | Course period: Unlimited
News (5 articles)
Hello, this is Zeromini.
For additional reference, here is a brief overview of Wazuh deployment and SOAR implementation in a Docker environment.
I'm sharing it with you, so please use it as a reference for your studies.
We will upload the related practical lecture later.

Hello, this is Zeromini.
Please refer to the blog below to effectively perform threat hunting using the basic rules provided by Wazuh + Chainsaw + Sigma rules, and check the results in ELK through the Wazuh Agent.
Hello, this is Zeromini.
This blog briefly summarizes how to build a system using open source. Please take a look.
Thank you.

Reference links:
The following content was shared by our student (Airman) as a troubleshooting note.
Troubleshooting summary: when installing Linux, do the installation in 'English' (the unattended.sh shell script does not work properly due to encoding and other problems).
In the middle of the class, I'm asked to perform an unattended installation by executing the command below, but the installation stops with the error "If you installed Ubuntu in a language other than English."

curl -so ~/unattended-installation.sh https://packages.wazuh.com/resources/4.2/open-distro/unattended-installation/unattended-installation.sh && bash ~/unattended-installation.sh -i

Terminal output: no operand on line 332 of the shell script.

Cause of the problem: line 331 of the shell script runs the free -g command, looks for the string "Mem", and takes the second field of that line. "This is because it cannot be found if the system language is installed in a language other than English, and an error occurs."

First, as a solution, install Ubuntu in English from the beginning. If you installed Ubuntu in a different language, it is recommended to change it to English through the process below and then execute the curl command above.

Use the locale -a command to check whether en_US.UTF-8 exists. If it does: sudo update-locale LANG=en_US.UTF-8
If not, run sudo locale-gen en_US.UTF-8 and then run sudo update-locale LANG=en_US.UTF-8
Apply the system changes without rebooting*
Finally, whether or not it existed, run the following command: source /etc/default/locale

Of course, I could change the script content to free -g | awk 'NR==2{print $2}' without changing the language, but I don't want to go through the trouble of finding the corresponding line in the shell script. After the failure error appears, why not just run it again with the overwrite option, like bash ~/unattended-installation.sh -i --overwrite? But this also means that "in the end, the clean installation didn't go well, so I keep getting an error saying that something was not installed."
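As an added illustration of the failure described above (this is not code from the course or from the Wazuh installer), the script below contrasts a parser that depends on the English row label with the line-number-based alternative. The label-based function is modelled on the description of line 331 and is an assumption about the installer's exact text; both functions read "free -g" style output from stdin and run on constructed samples, so nothing needs to be installed.

```shell
#!/bin/sh
# Added example: reproduce the locale-dependent parsing failure and show a
# locale-independent alternative. Not code from the Wazuh installer.
# Both functions read "free -g" style output from stdin so they can be
# exercised offline on the constructed samples below.

# Fragile parser, modelled on the description of line 331 (assumed, not the
# installer's literal text): find the row labelled "Mem" and print its
# second field (the "total" column). It prints nothing when the label is
# translated, which is what the "no operand" error on the following line
# of the installer reports.
total_mem_by_label() {
  grep Mem | awk '{print $2}'
}

# Locale-independent parser: "free" prints the memory row as its second
# line regardless of language, so select it by line number instead.
total_mem_by_row() {
  awk 'NR==2{print $2}'
}

# Constructed sample: "free -g" under an English locale.
FREE_EN='              total        used        free      shared  buff/cache   available
Mem:             15           2          10           0           2          12
Swap:             1           0           1'

# Constructed sample: the same machine under a German locale; the row
# label is translated to "Speicher:" and the string "Mem" never appears.
FREE_DE='              gesamt      benutzt        frei     geteilt  Puffer/Cache  verfuegbar
Speicher:        15           2          10           0           2          12
Swap:             1           0           1'

# Run all four combinations and print them side by side; the label-based
# parser yields an empty value for the German sample.
demo() {
  printf 'label en: [%s]\n' "$(printf '%s\n' "$FREE_EN" | total_mem_by_label)"
  printf 'label de: [%s]\n' "$(printf '%s\n' "$FREE_DE" | total_mem_by_label)"
  printf 'row   en: [%s]\n' "$(printf '%s\n' "$FREE_EN" | total_mem_by_row)"
  printf 'row   de: [%s]\n' "$(printf '%s\n' "$FREE_DE" | total_mem_by_row)"
}

demo
```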
The following solution was shared by a student in the lecture, 'CP'.
If it still doesn't work, you can solve it with the method below.
Go to Edit > Virtual Network Editor and, for 'Bridged to', select the network adapter you are currently using instead of Automatic.


