In this part, we will work with the Kolide Fleet agent, OSquery, and Wazuh. We will go through the process of installing and configuring the Kolide Fleet agent, OSquery, Wazuh, and rsyslog on the Windows instances and Ubuntu. We will set up the right firewall rules on each instance, on pfSense, and on Security Onion Solutions. We will also go over the process of creating Wazuh agent entries and extracting their keys so they can be used by the Windows and Linux instances to import the server's data.

Then we will configure the Wazuh agent on Linux distributions manually. We will also go over the procedures for connecting each instance to the Fleet server, both manually and with the Fleet launcher. After finishing configuring each instance, we will have an overview of what we have done from a network perspective.

Moving on, we will start weaponizing our Windows and Linux instances. For Windows instances, we will install the Flare-VM scripts, which give us convenient tools for our malware analysis and incident response practice. After that, we will download the Windows Sysinternals Suite, and I will briefly describe how Procmon, Process Explorer, TCPView, and Autoruns can be useful. Since the Sysinternals tools don't cover everything we need, we will also go over some NirSoft utilities such as DriverView, FolderChangesView, FolderTimeUpdate, RegistryChangesView, and ServiWin, and at the end I will briefly describe how each one can be useful. For Linux instances, the SIFT VM should have many handy Linux tools. We will not need to download any external tools for our Linux distribution, since the SIFT workstation should be enough for most of our practice.

We will start by installing OSquery and Wazuh on Windows. First, we need to download the Wazuh and Fleet (with OSquery) agents. We can download them from the vendors' websites, but I recommend downloading them from SOS's download page. SOS offers partially configured agents, which will save time configuring them. The Elasticsearch forwarder is not pre-configured, so it doesn't matter where you download it from.

Wazuh on Windows

Before installing Wazuh, we need to create a client entry using the Wazuh manager. That can be done by executing so-wazuh-agent-manage, adding an agent, and then extracting the generated key so we can use it on the agent to import the agent's configuration from the server.
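As an added example (not code from the original post), here is a small Python check for the key exported by the manager before it is pasted into a Windows or Linux agent. It assumes the exported key is base64 of the client.keys line `ID NAME IP KEY`, where IP is `any` or an address/network and KEY is 64 hex characters; the sample key and the host name `win10-lab` are constructed.

```python
import base64
import ipaddress
import re

# Constructed sample: base64 of "001 win10-lab any <64 hex chars>", the
# client.keys line format this example assumes the manager exports.
SAMPLE_KEY = base64.b64encode(b"001 win10-lab any " + b"ab12" * 16).decode()

# Assumption: the agent secret is a 32-byte value rendered as 64 hex characters.
HEX_KEY_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def parse_agent_key(exported: str) -> dict:
    """Decode an exported agent key and validate its four client.keys fields."""
    try:
        raw = base64.b64decode(exported.strip(), validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("not a base64-encoded agent key") from exc
    parts = raw.split()
    if len(parts) != 4:
        raise ValueError(f"expected 4 fields (id name ip key), got {len(parts)}")
    agent_id, name, addr, secret = parts
    if not agent_id.isdigit():
        raise ValueError(f"agent id must be numeric, got {agent_id!r}")
    if addr != "any":
        # Raises ValueError if the manager recorded something that is not an IP/CIDR.
        ipaddress.ip_network(addr, strict=False)
    if not HEX_KEY_RE.match(secret):
        raise ValueError("key is not 64 hex characters")
    return {"id": agent_id, "name": name, "ip": addr, "key": secret}


def check_before_import(exported: str, expected_name: str) -> bool:
    """Refuse a key whose embedded agent name is not the host being registered.

    Pasting the wrong host's key silently enrolls the agent under another name,
    so this is the one check worth doing before running the agent's import step.
    """
    return parse_agent_key(exported)["name"] == expected_name
```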