you need this FREE CyberSecurity tool

Introduction to Wazuh - A Powerful Cybersecurity Tool

In this section, the speaker introduces Wazuh, a free and open-source cybersecurity tool. The speaker highlights its benefits and emphasizes the value of deploying it both for learning about hacking and security and for protecting one's data.

Key Points:

  • Wazuh is a free and open-source cybersecurity tool that offers both protection and learning opportunities.
  • Deploying Wazuh involves setting up a server and agents on various devices.
  • Agents act as "tattletales" by providing information about security configurations and potential vulnerabilities.
  • Wazuh can track changes in directories, files, documents, and even the Windows registry.
  • All device information is sent to a central server for easy monitoring.
  • Alerts can be received via email or Slack, allowing for active response to potential threats.

Benefits of Using Wazuh

In this section, the speaker discusses the additional benefits of using Wazuh beyond just protection. They highlight how using Wazuh can lead to valuable learning experiences in cybersecurity and potentially enhance one's resume.

Key Points:

  • Using Wazuh not only protects data but also provides an opportunity to learn more about cybersecurity.
  • The experience of using Wazuh can be addictive due to its effectiveness and educational value.
  • Running a personal SIEM (Security Information and Event Management) like Wazuh can be an impressive addition to one's resume.

Requirements for Deploying Wazuh

This section outlines the requirements for deploying Wazuh. It mentions the need for a Linux server or computer as well as something to monitor (other computers). Various deployment options are discussed, including cloud-based solutions like Ubuntu on Linode, on-premises installations, and Docker containers.

Key Points:

  • To deploy Wazuh, a Linux server or computer is required.
  • Most flavors of Linux are supported, with Ubuntu being the example used in the video.
  • Cloud-based deployment options like Linode are recommended for ease of monitoring and setup.
  • On-premises installations and Docker containers are also viable options.

System Requirements for Wazuh Server

This section provides an overview of the system requirements for running the Wazuh server. The speaker mentions minimum requirements as well as recommendations based on the number of devices and logs to be collected. They also humorously emphasize the importance of coffee while using Wazuh.

Key Points:

  • Minimum system requirements for the Wazuh server include 2GB RAM and 2 CPU cores.
  • For larger deployments or extensive log collection, it is recommended to have 4GB RAM and 8 CPU cores.
  • Coffee is humorously mentioned as an essential requirement for using Wazuh.

Deploying Wazuh on Linode Cloud

In this section, the speaker demonstrates how to deploy Wazuh on the Linode cloud. They highlight Linode's user-friendly interface and mention that new users can enjoy free access for the first 60 days along with a $100 credit.

Key Points:

  • Linode is recommended as a cloud provider due to its ease of use and reliability.
  • New users can enjoy free access to Linode for 60 days along with a $100 credit.
  • Deploying virtual machines like Wazuh on Linode is straightforward through their marketplace.

Configuring Wazuh Deployment on Linode Cloud

This section focuses on configuring the deployment of Wazuh on the Linode cloud. The speaker walks through the configuration steps, including providing an email address, setting up SSL certificates, creating a sudo user account, selecting an image (Ubuntu), and choosing the appropriate virtual machine plan.

Key Points:

  • Configuration steps for deploying Wazuh on the Linode cloud include providing an email address and setting up SSL certificates.
  • A sudo user account is created for authentication purposes.
  • Ubuntu is selected as the image for deployment.
  • The appropriate virtual machine plan should be chosen based on the desired performance and resources required by Wazuh.

Choosing the Right Virtual Machine Plan

In this section, the speaker discusses the importance of selecting an appropriate virtual machine plan for running Wazuh. They recommend opting for a more powerful plan if there are many devices to monitor or extensive log collection requirements.

Key Points:

  • For optimal performance with Wazuh, it is recommended to choose a virtual machine plan that provides sufficient resources.
  • If there are many devices to monitor or extensive log collection requirements, a more powerful virtual machine plan should be selected.

Introduction and Overview

The speaker introduces the topic and mentions that they will walk through the process. They express excitement about using Docker for deployment.

Introduction to Docker Deployment

  • The speaker mentions that they will explain the process of deploying with Docker.
  • They express enthusiasm for Docker and its ease of use.

Deploying with Docker Compose

The speaker explains the next steps in deploying with Docker Compose.

  • The speaker mentions that the next step is to use the docker-compose command.
  • They explain that running docker-compose up with the -d option launches it in the background.
  • This step is described as easy and completes the deployment process.

Confirming Deployment

The speaker confirms the successful deployment by checking docker stats.

Checking Deployment Status

  • The speaker suggests typing docker stats to get a real-time view of running containers.
  • This step helps confirm that the deployment was successful.

Accessing Dashboard

The speaker demonstrates how to access the dashboard after deployment.

  • The speaker instructs to go to the network tab on a specific dashboard.
  • They mention finding a reverse DNS name in the IP addresses section.
  • Copying this name, opening a new tab, and pasting it with "https://" allows access to the dashboard.
  • A self-signed certificate error may appear, but it can be bypassed safely.
  • Logging in requires using the default credentials provided in the video.

Installing Agents

The speaker explains how to install agents for monitoring.

  • The speaker demonstrates adding agents by clicking on "add agent" in the dashboard.
  • They select the option to deploy a new agent and start with a Linux host.
  • The server address is provided, which can be an IP address or reverse DNS name.
  • Naming the agent and selecting a group are optional steps.
  • A command is given to install the agent, which is copied and pasted into the terminal.

Enabling Agent as Service

The speaker explains how to enable the installed agent as a service.

  • The speaker mentions that enabling the agent as a service is necessary.
  • Commands are provided for enabling it using systemctl.
  • After executing these commands, the agent becomes active as a service.

Adding Windows Agent

The speaker demonstrates adding a Windows agent for monitoring.

  • The speaker shows how to add another agent by deploying a new one specifically for Windows.
  • They mention that even though there are options for older versions like Windows XP, they will use Windows 7 or later.
  • Similar steps are followed, including providing server address and naming the agent.
  • A PowerShell command is given for installing the Windows agent, which needs to be run with administrator privileges.

Conclusion

The speaker concludes by mentioning that two machines have been added successfully and expresses interest in adding more.

New Section

In this section, the speaker introduces the concept of agents and their role in collecting information for cybersecurity purposes. They also mention the ability to customize and expand the functionality of these agents.

Exploring Agents

  • Clicking on an agent allows users to see its details and capabilities.
  • Agents can be set up to collect information and learn about cybersecurity.
  • Users have the option to enable additional modules, set up alerts, and monitor various aspects of security.

File Monitoring through Windows

  • The speaker demonstrates file monitoring as a powerful feature within the Wazuh instance.
  • The Wazuh dashboard provides an overview of different modules that can be accessed.
  • By clicking on "Agents," users can explore agent-specific settings and functionalities.
  • Within the "Integrity Monitoring" module, users can monitor files for changes and receive real-time notifications.
  • The inventory feature scans default files in directories and registry keys.

Configuring File Integrity Monitoring

  • Users can modify the configuration file for an agent to specify directories for monitoring files.
  • Adding options such as real-time alerts, reporting changes, and checking all files enhances monitoring capabilities.
  • After saving the configuration file, restarting the service ensures the changes take effect.
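
A syscheck entry using the options listed above, as an added example rather than configuration shown on the page. The monitored path is a placeholder, and the file location in the comment is the Windows agent's default install path.

```xml
<!-- Added example (not from the video). Windows agent configuration file,
     default location: C:\Program Files (x86)\ossec-agent\ossec.conf -->
<ossec_config>
  <syscheck>
    <!-- USERNAME is a placeholder; point this at the directory to watch.
         realtime="yes"        alert as changes happen, not at the next scheduled scan
         report_changes="yes"  record what changed inside text files
         check_all="yes"       check hashes, size, owner, permissions and timestamps -->
    <directories realtime="yes" report_changes="yes" check_all="yes">C:\Users\USERNAME\Desktop</directories>
  </syscheck>
</ossec_config>
```

report_changes copies file content into alerts, so leave it off for directories that hold secrets, or exclude those files with the nodiff option.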

Creating a New Text Document

The speaker explains how to create a new text document on their desktop.

  • To create a new text document, the speaker goes to their desktop.
  • They add a new file and select "New Text Document".

Brute Forcing Login Credentials

The speaker demonstrates how to use brute force to attempt login with the username "Bernard Hackwell" using Kali Linux.

  • The speaker launches their Kali Linux machine and uses Hydra for brute forcing.
  • They enter the username "Bernard Hackwell" and initiate the attack.
  • Checking the logs under Security Events, they confirm that the attempted login was made by "Bernard Hackwell".

Implementing Active Response

The speaker explains how to configure active response in order to block an attacker after failed login attempts.

  • In the Wazuh server configuration, under Edit Configuration, they locate the section for active response.
  • They copy the configuration from the documentation, which includes firewall drop commands based on triggered rules.
  • By checking previous security events, they identify the rule ID (5710) that was triggered during the brute force attempt.
  • They update the configuration with this rule ID and set a timeout of 180 seconds for blocking attackers.
  • After saving and restarting the manager, they test logging in again with Bernard Hackwell's credentials and observe that active response blocks them for 180 seconds.
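
The active response block described above, as an added example that is not copied from the video. It uses the rule ID and timeout the page states and assumes the manager's default configuration file, /var/ossec/etc/ossec.conf.

```xml
<!-- Added example (not from the video). Goes in the manager's
     /var/ossec/etc/ossec.conf. -->
<ossec_config>
  <!-- Command definition; already present in the default manager configuration. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <active-response>
    <command>firewall-drop</command>
    <!-- local: run on the agent that reported the event -->
    <location>local</location>
    <!-- rule ID seen in the security events for the failed logins -->
    <rules_id>5710</rules_id>
    <!-- seconds before the block is lifted -->
    <timeout>180</timeout>
  </active-response>
</ossec_config>
```

The block applies to the source IP in the alert, so list management addresses under white_list in the global section to avoid locking yourself out for the timeout period.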

Enabling Vulnerability Detection

The speaker demonstrates how to enable vulnerability detection in Wazuh.

  • In Wazuh management configuration, under Edit Configuration, they search for "vulnerability detector".
  • They change the enabled status to "yes" and save the configuration.
  • After restarting the manager, they restart the service on both Windows and Linux machines to apply the changes.

New Section

This section discusses the default configuration of agents on the Wazuh server.

Default Configuration of Agents

  • On the Wazuh server, the agents are configured by default.

Video description

The Wazuh Marketplace app was temporarily hidden in Cloud Manager v1.98.0 while they investigate and resolve a critical error resulting in broken deployments. It should be back real soon!

Deploy Wazuh in the cloud with Linode: https://ntck.co/linode (Get $100 for 60 days as a new user!!)

In this video, we discuss the best free cybersecurity tool you need to try: Wazuh. This open-source Security Information and Event Management (SIEM) system is the ultimate tool to help you protect your devices and networks like a cybersecurity expert. We'll show you how to deploy Wazuh, monitor changes to files and the Windows registry, detect unauthorized processes, and more. Plus, we'll discuss the importance of understanding blue team defense and how Wazuh can help you become a cybersecurity expert.

Wazuh uses the MITRE ATT&CK framework, compliance, SCA, and security events to help you protect your devices and networks. Wazuh's Slack integration enables you to stay up-to-date with alerts and active responses.

Sponsored by Linode Cloud Computing from Akamai

Links:

  • Wazuh OVA install: https://documentation.wazuh.com/current/deployment-options/virtual-machine/virtual-machine.html?highlight=ova
  • Wazuh Docker documentation: https://documentation.wazuh.com/current/deployment-options/docker/wazuh-container.html

Chapters:

  • 0:00 Intro
  • 1:31 what do you need??
  • 2:31 Installing Wazuh in the Cloud
  • 5:11 let's see if our wazuh is ready
  • 6:23 Wazuh Docker Installation
  • 9:43 Adding agents in Wazuh
  • 13:27 secure configuration assessment
  • 14:39 security events
  • 14:52 vulnerabilities
  • 15:25 Windows hosts - integrity monitoring
  • 16:38 FIRST: file monitoring through windows
  • 20:41 changing the interval
  • 23:06 key changes
  • 23:56 SECOND: Actions
  • 25:06 Active response
  • 27:44 Vulnerabilities
  • 29:13 Slack Alerts
  • 31:29 Outro