[37] We replaced our HIDS solution with WAZUH and have not looked back.

Steps for installing WAZUH all in one instance. These are the steps we used including the steps for installing the agents on Linux, windows and macOS / OSX.

The back story for the guide is we used OSSEC for many years and our setup worked fine with sending the OSSEC events to a syslog server for additional reporting. We decided to move to WAZUH as it has a nice interface and reporting. Also the installation and management of the solution is straight forward and simple to use. We have subsequently convinced and started to migrate some of our clients to WAZUH with great results and positive feedback. We therefore decided to put this quick guide together to provide our clients and the community a quick reference to deploy their own standalone instance should they want to.  The all in one install we deployed can support up to +/- 100 agents.

- - - - - START HERE - - - - - 
PDF version 

Min recommendations & specs we used (we have 20 agents in our environment) 
Ubuntu Server 20.06 
2x CPU
6 GB RAM
250 GB HDD
NIC

- - - - - 
ssh to your Ubuntu Server instance. 

ssh yourusername@yourserverip

Set root password

sudo passwd

Enter the new root password
Confirm the new root password

su 

Enter the password you just set. 
 
Install WAZUH

apt-get install libcap-ng-utils unzip 
curl -so ~/all-in-one-installation.sh https://raw.githubusercontent.com/wazuh/wazuh-documentation/4.0/resources/open-distro/unattended-installation/all-in-one-installation.sh && bash ~/all-in-one-installation.sh

Open your web browser and navigate to your servers ip

https://yourseversipaddress or FQDN
 
Adding agents

Note you need to substitute your server FQDN or IP address where we have yourserver

Linux (Ubuntu 20.04 Desktop)
Open the terminal and run the following commands

sudo apt-get install curl
sudo curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.0.4-1_amd64.deb && sudo WAZUH_MANAGER='yourserver' dpkg -i ./wazuh-agent.deb

Start the agent

sudo service wazuh-agent start

Windows 
Open the powershell ISE as administrator and run the following command 

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.0.4-1.msi -OutFile wazuh-agent.msi; ./wazuh-agent.msi /q WAZUH_MANAGER='yourserver' WAZUH_REGISTRATION_SERVER='yourserver'

Mac
Open the terminal and run the following command 

curl -so wazuh-agent.pkg https://packages.wazuh.com/4.x/macos/wazuh-agent-4.0.4-1.pkg && sudo launchctl setenv WAZUH_MANAGER 'yourserver' && sudo installer -pkg ./wazuh-agent.pkg -target /

Start the agent 
sudo /Library/Ossec/bin/ossec-control start

 - - - - - EnD - - - - - 

QRadar 7.3.1 (CE) Community Edition – Install – Start to Finish – (Unofficial)

QRadar Community Edition 7.3.1 is a fully-featured version of QRadar that you can use at home or in your lab. A new feature of QRadar Community Edition 7.3.1 enables IBM Security X-Force® Threat Intelligence IP reputation for use.

Note: “# sudo /opt/qradar/support/changePasswd.sh -a” command is used to set the QRadar WUI admin password at the end of the installation.

QRadar Community Edition v7.3.0 is the previous release.

Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. All other trademarks are the property of their respective owners.

This is an unofficial video.

Disclaimer – https://www.hendgrow.com/disclaimer/

QRadar 7.3.0 (CE) Community Edition – Install – Start to Finish – (Unofficial)

QRadar Community Edition v7.3.0 is a fully-featured version of QRadar that you can use at home or in your lab. As the QRadar Community Edition install is slightly different from the Standard / traditional QRadar installation. Thought there was value in creating this walk-through.

QRadar Community Edition v7.3.1 has been released. QRadar Community Edition v7.3.1

Note: “# sudo /opt/qradar/support/changePasswd.sh -a” command is used to set the QRadar WUI admin password at the end of the installation.

Links for the ISO’s used:

CentOS

QRadar CE

Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. All other trademarks are the property of their respective owners.

The HendGrow site & YouTube channel was created to share knowledge by sharing how-to guides, book reviews, general knowledge etc, with the aim to empower the reader, viewer with the information to implement various solutions on their own or gain knowledge on various topics. Maybe you wondering what that book or topics is about, could be looking for a free firewall solution to protect the family or business. Have decided to open a store and need an open source web or retail Point of Sale (POS) system. The HendGrow site and channel provides walk-throughs on these and various other topics. The topics are either directly from our subscriber requests or derived from solutions we have implemented, that we believe could add value to the community. It’s our way to give back and hopefully help a few people along the way. If only one person gets value out of the how-to / walk-through guides then to us the effort was worth it.

Visit youtube & patreon