We replaced our HIDS solution with Wazuh and have not looked back.

Steps for installing Wazuh as an all-in-one instance. These are the steps we used, including the steps for installing the agents on Linux, Windows and macOS / OS X.

The back story for this guide: we used OSSEC for many years, and our setup worked fine, sending the OSSEC events to a syslog server for additional reporting. We decided to move to Wazuh because it has a nice interface and reporting, and because installation and management of the solution are straightforward. We have since convinced some of our clients to migrate to Wazuh, with great results and positive feedback, so we decided to put this quick guide together to give our clients and the community a quick reference for deploying their own standalone instance. The all-in-one install we deployed can support roughly 100 agents.

The guide used in this tutorial can be found in the YouTube description section of the video guide.
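Added example, not code from the original post or from the Wazuh project: a small script that enrols a Debian/Ubuntu host as an agent of the all-in-one manager and then verifies that the agent's configuration really points at that manager. The manager address 10.0.0.5, the use of the Wazuh 4.x apt repository, and the WAZUH_MANAGER deployment variable that the agent package reads at install time are assumptions, not details from the page; the Windows and macOS agent steps are in the video.

```shell
#!/bin/sh
# Added example (not from the original post or the Wazuh project): enrol a
# Debian/Ubuntu host as an agent of an all-in-one Wazuh manager and check
# the result. Assumptions not stated on the page: the manager is 10.0.0.5
# (hypothetical), the Wazuh 4.x apt repository is used, and the agent
# package honours the WAZUH_MANAGER deployment variable at install time.

MANAGER="${MANAGER:-10.0.0.5}"
AGENT_CONF="${AGENT_CONF:-/var/ossec/etc/ossec.conf}"

# Install the agent and point it at the manager. Must run as root and needs
# network access, so it only runs when the script is invoked with --install.
install_agent_debian() {
    apt-get install -y curl gnupg apt-transport-https
    curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH \
        | gpg --dearmor -o /usr/share/keyrings/wazuh.gpg
    echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" \
        > /etc/apt/sources.list.d/wazuh.list
    apt-get update
    # The package writes the manager address into ossec.conf during install.
    WAZUH_MANAGER="$MANAGER" apt-get install -y wazuh-agent
    systemctl daemon-reload
    systemctl enable --now wazuh-agent
    # On the manager, /var/ossec/bin/agent_control -l lists enrolled agents.
}

# Print the manager address the agent was configured with, read from the
# <client><server><address> element of the given ossec.conf.
configured_manager() {
    sed -n 's:.*<address>\([^<]*\)</address>.*:\1:p' "$1" | head -n 1
}

# Succeed only if the agent's configured manager is the one we intended.
# Takes the config path so the check can be run against a sample file.
agent_points_at_manager() {
    [ "$(configured_manager "$1")" = "$MANAGER" ]
}

case "${1:-}" in
    --install) install_agent_debian ;;
    --check)   agent_points_at_manager "$AGENT_CONF" && echo "agent -> $MANAGER" ;;
esac
```

Run it with `--install` on a fresh host, then `--check` to confirm the address that ended up in ossec.conf; a host that keeps reporting as disconnected on the manager usually has the wrong address here or a firewall in front of the manager's port 1514.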

Blocking HTTPS sites with IPFire

We got a request from “dedu mihail” and “Amandeep Singh” on how to block HTTPS sites. In this quick walk-through we show how to use the proxy with manual (explicit) settings, which is needed to block HTTPS URLs / sites. It does not work in transparent mode. (We could not find a simple way to make it work in transparent mode.) The reason is that in transparent mode the proxy only sees the encrypted TLS stream, whereas an explicitly configured browser sends a CONNECT request that names the host, which the URL filter can match. Only the hostname is visible that way, so the filter can block an HTTPS site by its domain but not by the path of a URL.

1. Configure the end-user machine to use the proxy.

2. Configure the proxy on IPFire to use the URL filter capability.

3. Configure the URL filter to block the HTTPS URL.

4. Configure the URL filter to allow the restriction to be bypassed for listed IPs.
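Added example, not code from the original post or from IPFire: a client-side check for the four steps above. It classifies the status the proxy returns to the browser's CONNECT request, which is where the URL filter decision becomes visible for an HTTPS site. The IPFire address 192.168.1.1 and its default proxy port 800 are assumptions, not details from the page.

```shell
#!/bin/sh
# Added example, not from the original post or from IPFire: run from a client
# to confirm that it goes through the explicit proxy and that the URL filter
# rejects a given HTTPS site. Assumptions not stated on the page: IPFire is
# 192.168.1.1 (hypothetical) and its web proxy listens on the default port 800.

PROXY="${PROXY:-http://192.168.1.1:800}"

# Step 1 for a Linux client: make this shell session use the explicit proxy.
# Browsers and Windows have the same setting in their proxy configuration.
use_proxy() {
    export http_proxy="$PROXY" https_proxy="$PROXY"
    export no_proxy="localhost,127.0.0.1"
}

# Classify the status the proxy returned to the client's CONNECT request.
# With an explicit proxy the client sends "CONNECT host:443", so the filter
# sees (and can only match) the hostname; the path of an HTTPS URL is never
# visible to it. A blocked host gets either a 403 or a redirect to the
# filter's block page; in both cases no tunnel is established.
# Prints allowed / blocked / no-proxy and returns 0, 1 or 2.
connect_verdict() {
    case "$1" in
        200)             echo allowed;     return 0 ;;
        403|301|302|307) echo blocked;     return 1 ;;
        000|"")          echo no-proxy;    return 2 ;;
        *)               echo "other($1)"; return 3 ;;
    esac
}

# Send one CONNECT for the host through the proxy and report the verdict.
# curl's %{http_connect} write-out variable is the proxy's CONNECT status.
check_site() {
    code=$(curl -s -o /dev/null --proxy "$PROXY" --connect-timeout 5 \
               -w '%{http_connect}' "https://$1/" 2>/dev/null || true)
    printf '%s: ' "$1"
    connect_verdict "$code"
}

# Usage: ./proxycheck.sh --check blocked.example allowed.example
case "${1:-}" in
    --check) shift; for h in "$@"; do check_site "$h" || true; done ;;
esac
```

Run it once from an ordinary client and once from an IP on the bypass list (step 4): the same host should come back as "blocked" from the first and "allowed" from the second. A "no-proxy" result means the client never reached the proxy at all, so step 1 is the thing to revisit.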

Enabling Network-Wide Ad blocking!

In this walk-through we show you how to install Pi-hole to enable network-wide ad blocking on your network. We also show how to configure a Windows machine to use it, and the basic steps for enabling it network-wide via your router.

URLs used:

Pi-hole – https://pi-hole.net/

Debian 9 (Stretch) – https://www.debian.org/releases/stretch/debian-installer/

DD-WRT – https://dd-wrt.com/

Prerequisites

Steps

  1. Install one of the supported operating systems.
  2. SSH to the OS you decided to use after the installation (we used Debian 9 for the walk-through), become root and run the installer:
       $ su
       # wget -O basic-install.sh https://install.pi-hole.net
       # bash basic-install.sh
     Downloading to a file first, rather than piping straight into bash, means you can read basic-install.sh before running it as root.
  3. Log in to your device(s) and point their DNS settings at the Pi-hole server. Alternatively, change the settings on your router so that DHCP hands out the Pi-hole's IP as the network's DNS server. For more detail refer to the video linked below or reach out to us.
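Added example, not code from the original post or from Pi-hole itself: a check to run once the three steps above are done. It confirms that the Pi-hole sinkholes an ad domain while still resolving normal names, and that a client is actually using the Pi-hole as its resolver (the part of step 3 that most often goes wrong). The Pi-hole address 192.168.1.2, the test domains and the dnsmasq line for DD-WRT are assumptions, not details from the page.

```shell
#!/bin/sh
# Added example, not part of the original post or of Pi-hole: after
# basic-install.sh has run, confirm that the Pi-hole sinkholes an ad domain,
# still resolves normal names, and that a client really uses it as its
# resolver. Assumptions not stated on the page: the Pi-hole is 192.168.1.2
# (hypothetical), dig is installed on the client, and AD_DOMAIN is on your
# blocklist.

PIHOLE="${PIHOLE:-192.168.1.2}"
AD_DOMAIN="${AD_DOMAIN:-ad.doubleclick.net}"   # assumed to be on the blocklist
GOOD_DOMAIN="${GOOD_DOMAIN:-debian.org}"

# Pi-hole answers a blocked name with a sinkhole address, not NXDOMAIN:
# 0.0.0.0 / :: in its NULL blocking mode, or the Pi-hole's own address in
# the IP mode older releases used. Succeeds when the answer is one of those.
is_sinkholed() {
    case "$1" in
        0.0.0.0|::|"$PIHOLE") return 0 ;;
        *) return 1 ;;
    esac
}

# Resolve a name through a specific server and print its first A record
# (empty if the server gave no usable answer). resolve_via <server> <name>
resolve_via() {
    dig +short +time=3 +tries=1 @"$1" "$2" A 2>/dev/null \
        | grep -E '^[0-9.]+$' | head -n 1 || true
}

# Succeeds when the first nameserver in the given resolv.conf is the
# Pi-hole, i.e. this client is using it (step 3). On Windows the equivalent
# is the DNS server shown by ipconfig /all.
client_uses_pihole() {
    first=$(sed -n 's/^nameserver[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1)
    [ "$first" = "$PIHOLE" ]
}

# Network checks; run with --check once the Pi-hole is up.
check_pihole() {
    ad=$(resolve_via "$PIHOLE" "$AD_DOMAIN")
    good=$(resolve_via "$PIHOLE" "$GOOD_DOMAIN")
    is_sinkholed "$ad" \
        || { echo "FAIL: $AD_DOMAIN -> '$ad' (not sinkholed)"; return 1; }
    [ -n "$good" ] && ! is_sinkholed "$good" \
        || { echo "FAIL: $GOOD_DOMAIN -> '$good'"; return 1; }
    client_uses_pihole /etc/resolv.conf \
        || { echo "WARN: this client does not use $PIHOLE as its first resolver"; return 1; }
    echo "OK: $AD_DOMAIN -> $ad, $GOOD_DOMAIN -> $good, client uses $PIHOLE"
}

# Router-side equivalent of step 3 on DD-WRT (Services -> Additional DNSMasq
# Options): one dnsmasq line that hands the Pi-hole out as the DHCP DNS server:
#   dhcp-option=6,192.168.1.2
case "${1:-}" in
    --check) check_pihole ;;
esac
```

If the ad domain comes back with a public address, the Pi-hole was reached but the name is not on its blocklist; if the client check warns, the device is still using the router or a public resolver and the ads will keep coming regardless of how the Pi-hole is set up.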

QRadar 7.3.1 (CE) Community Edition – Install – Start to Finish – (Unofficial)

QRadar Community Edition 7.3.1 is a fully featured version of QRadar that you can use at home or in your lab. New in QRadar Community Edition 7.3.1 is the ability to use IBM Security X-Force® Threat Intelligence IP reputation data.

Note: the command “# sudo /opt/qradar/support/changePasswd.sh -a” is used to set the QRadar web UI (WUI) admin password at the end of the installation.

QRadar Community Edition v7.3.0 is the previous release.

Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. All other trademarks are the property of their respective owners.

This is an unofficial video.

Disclaimer – https://www.hendgrow.com/disclaimer/

QRadar 7.3.0 (CE) Community Edition – Install – Start to Finish – (Unofficial)

QRadar Community Edition v7.3.0 is a fully featured version of QRadar that you can use at home or in your lab. Because the Community Edition install differs slightly from the standard / traditional QRadar installation, we thought there was value in creating this walk-through.

QRadar Community Edition v7.3.1 has since been released; see the QRadar Community Edition v7.3.1 walk-through above.

Note: the command “# sudo /opt/qradar/support/changePasswd.sh -a” is used to set the QRadar web UI (WUI) admin password at the end of the installation.

Links for the ISOs used:

CentOS

QRadar CE

IPFire – The Initial Build (Firewall | Router | Proxy | Gateway)…

IPFire is a hardened open-source Linux distribution that primarily serves as a router and firewall. It is a standalone firewall system with a web-based management console for configuration.

In short, a good open-source firewall / proxy that can be used at home. Easy to install and easy to use?

There are many open-source distributions available today that could serve as a proxy or firewall, and we are not saying IPFire is the only firewall / proxy distribution. However, if you are looking for an easy-to-install system with many add-ons for home or small-office use, look no further. In this walk-through we show you how to install the IPFire open-source firewall and use it as your personal firewall, gateway and proxy server.

For more information on IPFire visit https://www.ipfire.org