On this page I'll show you a quick walkthrough of how I set up my own home SIEM on my home server.
I'll be using a Linux container on the home server because containers are effectively headless virtual OSes, which means they require far fewer resources to run.
The only downside to a headless container is that there is no GUI, so everything has to be done on the command line (CLI).
So the first thing was the initial setup of the container.
I decided to use Ubuntu 22.04, as that is recommended with Wazuh.
After checking the recommended requirements I decided on 50GB of storage for my Wazuh container (should be ample storage space to save security logs).
I did read that only 2 cores are needed to run, but I chose 4 to ensure smooth operation.
Wazuh recommends that with a 4-core setup and 50GB of storage, 8GB of RAM is best.
As I was just setting this up to study and learn the system, I stuck with DHCP; thankfully I can always change this later.
And here we have the final page of the setup.
Another reason I prefer to use LXC Linux containers for these types of services is that there is no need to go through installing and setting up the operating system: because it's headless, it simply runs the CLI from the very boot.
After this came the setup of the Wazuh server inside the container.
This is where the CLI knowledge comes in handy.
The first step, obviously, is to run:
apt update && apt upgrade -y
This updates the package lists from all the repositories currently configured in the container and upgrades the installed packages. (Note that I didn't need to use the sudo command because these containers are automatically set up and signed in as the root user.)
After this I ran the command:
apt install curl (just in case curl wasn't already installed)
Then, after that had finished, I ran the command:
curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
This command downloads the installer script and runs it, which installs and starts the Wazuh service.
At the end it should print a message saying that it's finished and give you a username and password for accessing the Wazuh Dashboard in a web browser.
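Before running the installer, it is worth confirming that the container really has the sizing chosen above (Ubuntu 22.04, 4 cores, 8GB RAM, 50GB storage). The script below is an added example, not part of the original walkthrough or of Wazuh; the function names and the 5% tolerance are this example's own assumptions.

```sh
#!/bin/sh
# Added example: pre-flight check for the sizing used on this page.
# Thresholds come from the page; everything else is the example's own.
REQ_OS="22.04"; REQ_CORES=4; REQ_RAM_GB=8; REQ_DISK_GB=50

# meets_min LABEL ACTUAL REQUIRED
# Passes when ACTUAL is at least 95% of REQUIRED. The 5% slack (an assumption)
# absorbs filesystem overhead on a volume that is nominally 50 GB.
meets_min() {
    if [ $(( $2 * 100 )) -ge $(( $3 * 95 )) ]; then
        echo "ok   $1: $2 (want $3)"; return 0
    fi
    echo "FAIL $1: $2 (want $3)"; return 1
}

# preflight OS_VERSION CORES RAM_GB DISK_GB
# Runs every check (no early exit) and returns the number that failed.
preflight() {
    pf_fails=0
    if [ "$1" = "$REQ_OS" ]; then echo "ok   os: $1"
    else echo "FAIL os: $1 (want $REQ_OS)"; pf_fails=$((pf_fails + 1)); fi
    meets_min cores   "$2" "$REQ_CORES"   || pf_fails=$((pf_fails + 1))
    meets_min ram_gb  "$3" "$REQ_RAM_GB"  || pf_fails=$((pf_fails + 1))
    meets_min disk_gb "$4" "$REQ_DISK_GB" || pf_fails=$((pf_fails + 1))
    return "$pf_fails"
}

# to_gb KIB: convert a size in KiB to the nearest whole GiB
to_gb() { echo $(( ($1 + 524288) / 1048576 )); }

# host_facts: print "OS CORES RAM_GB DISK_GB" for the machine this runs on
host_facts() {
    hf_os=$( [ -r /etc/os-release ] && . /etc/os-release; echo "${VERSION_ID:-unknown}" )
    hf_ram=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
    hf_disk=$(df -Pk / | awk 'NR==2 {print $2}')
    echo "$hf_os $(nproc) $(to_gb "$hf_ram") $(to_gb "$hf_disk")"
}

# Only inspect the real host when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    # Word splitting of host_facts output into four arguments is intended.
    preflight $(host_facts) && echo "sizing matches; proceed with the install"
fi
```

Because the one-liner above runs the downloaded script as root, running the curl step on its own first and reading wazuh-install.sh before the bash step is a cheap extra check.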
And here is the main login screen for the Wazuh Dashboard. From there it was a simple matter of signing in and setting up the computers I want to manage and check.
And there we have my Wazuh agent set up and running. It has already started to check for vulnerabilities (having turned the feature on) and is reporting on any registry changes and user account changes, and it even checks for and monitors file changes across my systems.