Skip to content

Re-add SIEM #170

New issue
New issue
Closed
Closed
Re-add SIEM#170
Assignees
Mafyuh
@Mafyuh

Description

@Mafyuh
Mafyuh
opened on Apr 18, 2025 · edited by Mafyuh

Wazuh used to be installed but I never used so got rid of. Does need at least 2 core and 2GB RAM, recommended is 8 cores and 4GB RAM

Agents will need to reconfigured on physical machines, integrated into Cloud-init or Packer templates for VM's

Can use Prometheus + Grafana for metrics instead of Wazuh dashboard https://github.com/pyToshka/wazuh-prometheus-exporter

Activity

Mafyuh
added this to @Mafyuh's IaCon Apr 18, 2025
Mafyuh
moved this to Backlog in @Mafyuh's IaCon Apr 18, 2025
Mafyuh
self-assigned this
on Apr 18, 2025
Mafyuh
moved this from Backlog to Done in @Mafyuh's IaCon Apr 20, 2025
Mafyuh
closed this as completedby moving to Done in @Mafyuh's IaCon Apr 20, 2025
Mafyuh

Mafyuh commented on Apr 20, 2025

@Mafyuh
Mafyuh
on Apr 20, 2025
OwnerAuthor

Wazuh re-added, have most hosts setup as agents already and cleared out some easy CVE's

For Windows + VirusTotal
https://documentation.wazuh.com/current/proof-of-concept-guide/detect-remove-malware-virustotal.html#configuration-for-the-windows-endpoint

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

@Mafyuh's IaC

Status

Done

Milestone

No milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @Mafyuh

      Issue actions
        Re-add SIEM · Issue #170 · Mafyuh/iac