Wazuh Installation Simplified: A Beginner’s Guide to Securing Your Systems

Greetings, esteemed members of the cybersecurity community.

I am Rajeev Gaddam, a security researcher with a passion for exploring the intricacies of the cybersecurity domain, with the goal of developing innovative security solutions. I have embarked on an exciting journey into the realm of academic publishing and am eager to share my research with the world. As a novice in this field, I humbly seek your valuable insights and guidance to further refine my work. Your expertise and perspectives would be invaluable in shaping my contributions to the cybersecurity landscape.

In this blog post, we will discuss how to install and configure Wazuh on different operating systems. Wazuh is a free and open-source security monitoring solution that can be used to detect and prevent security threats.

Introduction to wazuh

Wazuh is a free and open-source security monitoring solution that can be used to detect, prevent, and respond to security threats. It provides a comprehensive set of security features, like Log management, Intrusion detection, Vulnerability management, Security compliance. Wazuh is a powerful tool that can help you to improve the security of your systems. It is easy to install and configure, and it provides a comprehensive set of security features.

Installation of wazuh

• Download the OVA file by clicking here.
• After downloading, right-click on the downloaded Wazuh OVA file and select “Open with VMware Workstation” to import it into VMware Workstation.

• This window will be displayed.

• Give the name and location.

• It will start importing wazuh.

• The Wazuh virtual machine has been created successfully.

• Power on the virtual machine.

• It will provide the credentials. Use those credentials to log in to the Wazuh server.

• This is the Wazuh interface after logging in.

• Now open another VM that is on the same network.
• Open any browser and type the https://<IP Address of wazuh>, click on Hide advanced then click on to <ip> (unsafe)

• The Wazuh login page is displayed. Enter the username and password as “admin.”

• After logging in to Wazuh, the Wazuh Dashboard is displayed.

Deploying the Agent on windows

• Click the down arrow next to “wazuh” and select “Agents.”

• Click on Windows option.

• Give the wazuh server IP address.

• Give the Agent name and select one or more existing groups as default.

• Copy command.

• On the Windows machine where you intend to install the agent, open PowerShell with administrator privileges. Then, paste the copied command into the PowerShell window.

• Similarly, copy the start the agent command.

• Paste it in Powershell.

• Click on Close.

• The agent has been added to the Wazuh dashboard and its status is active.

Deploying Agent on Ubuntu

• Navigate to the Agent page and click Deploy new agent.

• Under the Linux, select DEB amd64 option.

• Give wazuh server IP address.

• Assign the agent's name and select one or more existing groups as defaults.

• Copy the command.

• On the Ubuntu machine where you intend to install the agent, open terminal with root privileges. Then, paste the copied command into the terminal.

• Now copy the commands to start the agent.

• Paste the commands in the terminal to start the wazuh agent.

Thank you for reading and following the guide this far. You can place your queries and concerns in the comment section below.

Enjoy Learning!