Introduction to Wazuh

Wazuh is a type of SIEM (Security Information and Event Management) tool.

It is free and open source, and it can help users learn about hacking and security while also protecting their devices.

Deploying the tool is very simple: you just install a server and then deploy agents to all of the user’s computers and servers, regardless of the operating system (Mac, Windows, Linux).

The tasks of the agents are:

• Checking for security configuration and misconfiguration on the devices.
• Checking for known vulnerabilities and malware on the devices.
• Tracking changes to directories and files on the devices, including the Windows registry.

The tasks of the server are to collect and display all the information from the agents and alert the user via email Slack or other methods.

The tool can perform active response, which means taking actions in response to detected threats, such as blocking an IP address that is trying to brute-force attack the user’s device.

This is the TLDR of this amazing tutorial:

https://www.youtube.com/watch?v=3CaG2GI1kn0&ab_channel=NetworkChuck