Wazuh on docker and Windows 10 Agent deployment

Feb 6, 2020 10:00 · 283 words · 2 minute read

Hi everyone and welcome! Here is how to deploy Wazuh on Docker.

What is Wazuh? Wazuh is a free, open source and enterprise-ready security monitoring solution.

The Wazuh Docker deployment requires over 6.5 GB of RAM. Play it safe and give the host 8 GB.

First, raise the memory limit setting so the Docker containers can use more RAM. This setting can be made temporary or permanent. First apply the temporary increase with the sysctl command, then make the fix permanent in the /etc/sysctl.conf file. If you run this on CentOS/Red Hat, remember to allow it in SELinux.

There are two ways to set up the Wazuh containers: clone the whole git repo, or just download the docker-compose.yml file. The docker-compose file contains all the settings for Wazuh. With the whole repo you can modify more of the nginx settings, such as the certificate.

Then bring up the Wazuh containers with the docker-compose up command, or run them in the background with docker-compose up -d.

After a few moments, open a browser and navigate to the Wazuh web GUI. Kibana runs in the background of Wazuh. Look for the Wazuh tab.

Let's check the Agents tab and install the client on a Windows 10 host. Search Google for the Wazuh client packages list to get the Windows 10 agent. All the other agents, such as the one for CentOS, are on the same page. After downloading the package, install it.

After installation, configure the Wazuh agent with the server IP and set the authentication key. In the GUI, set only the server IP. Next, open a command prompt with admin rights to give the agent its auth key. This works with the container deployment; otherwise, create the auth key on the server. Run the command:

"C:\Program Files (x86)\ossec-agent\agent-auth.exe" -m

Now the client has an auth key. Restart the Wazuh agent. The Windows host is now in the Wazuh system and can be observed from it.

Next time I will add CVE data to Wazuh. Thanks for watching! See you soon!
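The host preparation steps described in the post (RAM check, temporary sysctl change, permanent entry in /etc/sysctl.conf), as an added example that is not from the original post. It assumes the limit in question is the kernel parameter vm.max_map_count with the 262144 minimum that Elasticsearch documents; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: the limit is the
# kernel parameter vm.max_map_count, and 262144 is the minimum Elasticsearch
# documents for it; 6656 MB is the post's 6.5 GB RAM figure.
REQUIRED_MAP_COUNT=262144
REQUIRED_RAM_KB=$((6656 * 1024))

# ram_ok MEMINFO_FILE: succeed if MemTotal meets the 6.5 GB requirement.
ram_ok() {
    ram_kb=$(awk '/^MemTotal:/ {print $2}' "$1")
    [ -n "$ram_kb" ] && [ "$ram_kb" -ge "$REQUIRED_RAM_KB" ]
}

# map_count_ok VALUE_FILE: succeed if the running value is high enough.
map_count_ok() {
    read -r cur_count < "$1" || [ -n "$cur_count" ]
    [ "$cur_count" -ge "$REQUIRED_MAP_COUNT" ]
}

# persist_sysctl FILE KEY VALUE: set KEY=VALUE in a sysctl.conf-style file.
# Replaces an existing active line for KEY, otherwise appends one, so running
# it twice never leaves duplicate or conflicting entries.
persist_sysctl() {
    ps_file=$1; ps_key=$2; ps_value=$3
    ps_re=$(printf '%s' "$ps_key" | sed 's/\./\\./g')   # match dots literally
    [ -e "$ps_file" ] || : > "$ps_file"
    if grep -Eq "^[[:space:]]*${ps_re}[[:space:]]*=" "$ps_file"; then
        ps_tmp=$(mktemp)
        sed -E "s|^[[:space:]]*${ps_re}[[:space:]]*=.*|${ps_key}=${ps_value}|" \
            "$ps_file" > "$ps_tmp"
        cat "$ps_tmp" > "$ps_file"    # keep the file's owner and mode
        rm -f "$ps_tmp"
    else
        printf '%s=%s\n' "$ps_key" "$ps_value" >> "$ps_file"
    fi
}

# Read-only report for the current host; nothing is changed here.
if [ -r /proc/meminfo ] && ! ram_ok /proc/meminfo; then
    echo "RAM is below the 6.5 GB the Wazuh containers need"
fi
if [ -r /proc/sys/vm/max_map_count ] && ! map_count_ok /proc/sys/vm/max_map_count; then
    echo "vm.max_map_count is below $REQUIRED_MAP_COUNT"
    echo "temporary: sysctl -w vm.max_map_count=$REQUIRED_MAP_COUNT"
    echo "permanent: persist_sysctl /etc/sysctl.conf vm.max_map_count $REQUIRED_MAP_COUNT"
fi
```

Run as a script it only reports; the temporary and permanent changes it suggests need root.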