Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments.
The Wazuh agent is multi-platform and runs on the endpoints that the user wants to monitor. It communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.
- Wazuh Agent Manager
- Wazuh Server
- Make sure wazuh agent & server are in same network
To Deploy agent type followings commands in terminal, /var/ossec/bin/manage_agents and select A to add new agent.
Figure (1)
Add device name & ip address to add agent. After adding it type Y to confirm.
Figure (2)
We need to generate authentication keys select E and type agent id im this case 003 and we got a keys & copies it.
Figure (3)
We need to install Wazuh Agent Manager by clicking next with easily. After installed it add Wazuh Server IP & authentication keys and click save.
Figure (4)
Click on Manage & start Wazuh Agent Manager to parse log data.
Figure (5)
In our Wazuh Server, new agents was deployed.
Figure (6)
In this tutorial, Windows Wazuh Agent Deployment is demostrated. Do more Practice and Expert it!.
3/27/2024
Contributed By - Jord@n