Along with my Pi-hole and PiVPN, I decided to set up a SIEM[1] server of my own.
There are quite a lot of options for SIEM tools out there. Among them all, I decided to go with Wazuh[2].
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments.
Wazuh helps organizations and individuals to protect their data assets against security threats. It is widely used by thousands of organizations worldwide, from small businesses to large enterprises.
Installation
Run the installation script. The -a flag selects an all-in-one install, i.e. all three central components on the same host; the quickstart documents a minimum of 4 GB RAM and 2 CPU cores for that layout, and the script refuses to continue on smaller hosts unless you pass -i to ignore the hardware check. Since curl -O saves the script to disk before it is executed, read it once before handing it to sudo:
curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
When it finishes, the script prints the admin username and a generated password; the same credentials are also kept in wazuh-install-files.tar in the directory you ran it from, so protect or delete that archive after noting the password.
It will install 3 central components:
- indexer (provides the search and analytics engine)
- server (analyzes the data received from agents)
- dashboard (web interface)
The fourth piece, the agent, is multi-platform and runs on the endpoints you want to monitor. It communicates with the Wazuh server, sending data in near real time over an encrypted and authenticated channel.
You can access the web interface at https://<wazuh-dashboard-ip> (port 443) and log in with the admin credentials the installer printed. The installer generates a self-signed certificate for the dashboard, so the browser will warn about it on the first visit.
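Before touching the dashboard, I like to confirm that every component actually came up. The script below is an added example of mine, not part of Wazuh or its installer: it takes the output of `ss -Hltn` (iproute2, assumed to be on the host) and reports which of the documented default ports has no listener: 1514 (agent traffic), 1515 (agent enrollment), 55000 (server REST API), 9200 (indexer) and 443 (dashboard). Feeding the listener list in as text keeps the check testable without a live server.

```shell
#!/bin/sh
# Post-install listener check for an all-in-one Wazuh host.
# Added example, not code from the Wazuh project. The port numbers are
# the documented defaults for a single-node install:
#   1514  agent traffic        1515  agent enrollment
#   55000 server REST API      9200  indexer
#   443   dashboard
WAZUH_PORTS="1514 1515 55000 9200 443"

# wazuh_missing_ports TEXT
# TEXT is the output of `ss -Hltn` (listening TCP sockets, no header).
# Prints one line per expected port that has no listener, nothing when
# everything is up. It matches on the "Local Address:Port" column, so
# 0.0.0.0:443, [::]:443 and *:443 are all accepted.
wazuh_missing_ports() {
  listening=$1
  for port in $WAZUH_PORTS; do
    if ! printf '%s\n' "$listening" | awk '{print $4}' | grep -q ":$port\$"; then
      echo "$port"
    fi
  done
}

# wazuh_ports_ok TEXT: exit status 0 when no port is missing, 1 otherwise
wazuh_ports_ok() {
  [ -z "$(wazuh_missing_ports "$1")" ]
}

# Live run on the Wazuh host:  sh wazuh-check.sh --live
if [ "${1:-}" = "--live" ]; then
  missing=$(wazuh_missing_ports "$(ss -Hltn)")
  if [ -n "$missing" ]; then
    echo "Not listening: $(echo "$missing" | tr '\n' ' ')" >&2
    exit 1
  fi
  echo "All Wazuh ports are listening"
fi
```

If a port is reported missing, `systemctl status wazuh-indexer wazuh-manager wazuh-dashboard` on the host is the next place to look, in that order, since the server and dashboard both depend on the indexer being up.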
Adding agent
…