Tutorial: Wazuh SIEM - Installation and Configuration (Complete Steps)

Published on May 12, 2024. This response is partially generated with the help of AI. It may contain inaccuracies.

Tutorial: Installing and Configuring Wazuh SIEM

Step 1: Visit Wazuh Website

  1. Go to the Wazuh website at wazuh.com.
  2. Click on "Install Wazuh" to access the installation page.

Step 2: Install Wazuh Manager

  1. Follow the installation guide on the website to install Wazuh Manager.
  2. Proceed to install the Wazuh Agent for your preferred operating system (Linux, Windows, macOS).

Step 3: Download Virtual Machine Image (Optional)

  1. If preferred, download the pre-built virtual machine image (OVA) from the website.
  2. Import the OVA file into your virtualization software (e.g., VMware Workstation) by right-clicking and selecting the appropriate software to open it.

Step 4: Configure Wazuh

  1. Once the virtual machine is imported, adjust settings like memory allocation and network adapter.
  2. Log in to Wazuh using the default credentials: root (username) and wazuh (password).

Step 5: Access Wazuh Manager

  1. Open a web browser and enter the IP address displayed on Wazuh Manager.
  2. Accept any security warnings to access the Wazuh Manager dashboard.

Step 6: Install Wazuh Agent on Client

  1. Install the Wazuh Agent on your client machine (e.g., Windows 10) by downloading and running the installation file.
  2. Launch the Wazuh Agent configuration interface after installation.

Step 7: Obtain Application Key

  1. Access the Wazuh documentation to get the application key needed for agent registration.
  2. Use the provided commands to manage the agent and register it with the Wazuh Manager.

Step 8: Verify Agent Communication

  1. Check the status of the agent on Wazuh Manager to ensure successful communication.
  2. Verify the agent details and status under the "Agents" section on the Wazuh Manager dashboard.

Step 9: Monitor Security Events

  1. Explore the security events and logs on Wazuh Manager to track agent activities.
  2. Use the dashboard to view agent roles, integrity monitoring, and security event details.

Step 10: Configure Policies

  1. Enable audit policies on the client machine to capture events like logon attempts.
  2. Update group policies and local computer settings to enhance monitoring capabilities.

Step 11: Test Security Measures

  1. Trigger security events like invalid logins to test the monitoring capabilities.
  2. Review the recorded events in the Wazuh Manager to ensure proper detection and logging.
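
One way to script the review in Step 11, as an added example that is not part of the original tutorial: it scans alert lines for Windows event 4625 (failed logon) and lists expected agents that produced none, which points back at the audit policy from Step 10 or the agent connection from Step 8. The sample lines, agent names and function names are constructed; the JSON-lines layout and the field paths `data.win.system.eventID` and `data.win.eventdata.targetUserName` are assumptions about how the manager's alerts.json records Windows events.

```python
import json
from collections import Counter

# Constructed sample in the JSON-lines shape of the manager's alerts.json.
# Agent names, users and timestamps are invented for this example.
SAMPLE_ALERTS = """\
{"timestamp":"2024-05-12T10:01:02+0000","rule":{"level":5},"agent":{"id":"001","name":"win10-client"},"data":{"win":{"system":{"eventID":"4625"},"eventdata":{"targetUserName":"testuser"}}}}
{"timestamp":"2024-05-12T10:01:09+0000","rule":{"level":5},"agent":{"id":"001","name":"win10-client"},"data":{"win":{"system":{"eventID":"4625"},"eventdata":{"targetUserName":"testuser"}}}}
{"timestamp":"2024-05-12T10:02:30+0000","rule":{"level":3},"agent":{"id":"001","name":"win10-client"},"data":{"win":{"system":{"eventID":"4624"},"eventdata":{"targetUserName":"alice"}}}}
{"timestamp":"2024-05-12T10:03:00+0000","rule":{"level":5},"agent":{"id":"000","name":"wazuh-server"},"data":{"srcip":"192.0.2.10"}}
{"timestamp":"2024-05-12T10:0
{"timestamp":"2024-05-12T10:04:41+0000","rule":{"level":5},"agent":{"id":"001","name":"win10-client"},"data":{"win":{"system":{"eventID":"4625"},"eventdata":{"targetUserName":"administrator"}}}}
"""

FAILED_LOGON = "4625"  # Windows Security event ID for a failed logon


def failed_logons(lines):
    """Yield (agent_name, target_user) for each failed-logon alert."""
    for line in lines:
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or partially written line
        if not isinstance(alert, dict):
            continue
        win = alert.get("data", {}).get("win", {})
        if str(win.get("system", {}).get("eventID")) != FAILED_LOGON:
            continue  # not a Windows failed logon (other rule or other OS)
        user = win.get("eventdata", {}).get("targetUserName", "?")
        yield alert.get("agent", {}).get("name", "?"), user


def review_test(lines, expected_agents):
    """Count failed logons per (agent, user); list expected agents with none."""
    counts = Counter(failed_logons(lines))
    seen = {agent for agent, _ in counts}
    return counts, sorted(set(expected_agents) - seen)


if __name__ == "__main__":
    counts, silent = review_test(SAMPLE_ALERTS.splitlines(),
                                 ["win10-client", "win10-lab2"])
    for (agent, user), n in sorted(counts.items()):
        print(f"{agent}: {n} failed logon(s) for {user}")
    for agent in silent:
        print(f"{agent}: no failed logons recorded; check audit policy and agent status")
```
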

Step 12: Finalize Configuration

  1. Check the overall overview of agents and security events on the Wazuh Manager dashboard.
  2. Ensure that Wazuh Manager and Agent are properly configured and operational.

By following these steps, you can successfully install and configure Wazuh SIEM for robust security monitoring and event management.