- Creating an Elasticsearch + Kibana + Wazuh SIEM
These documents are going to show you how I setup my ELK-SIEM + Wazuh workstations. This process can take a bit to complete and some parts are just import and you are done. Now these installs are two different devices, which are similar. While very different with how you ingest data and install agents.
Note:
- This process was setup on a VMware ESXI 6.7.OU3B and these machines are running 24/7.
- Now if you wanna use that process then this setup guide is still the same.
I am trying to make this process simple are straight to the point. So that you can follow along and re-create the same setup that I have created.
What is Elasticsearch?
https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-intro.html
What is Kibana?
https://www.elastic.co/guide/en/kibana/current/introduction.html
What is Wazuh?
-
Hosting Server Software
-
ubuntu Server 18.04 & 20.04 LTS #Option 3
- The Hypervisor that you use is up to you but, process is still the same.
- You can use linux or windows for the base hypervisor install.
-
VirtualBox for Windows or Linux Installs
-
Oracle VirtualBox 6.1.16
- Oracle VirtualBox Guest Extension Pack
-
VMware for Windows or Linux Installs
-
VMware Workstation 16.1.0 Player Free
These two are optional below. You will need physical hardware to install.
- Vmware ESXI 6.7.OU3B
- Vmware ESXI 7.0
- Install Elastic Stack Guide:
- Security Configuration Guide:
- Elastic Beats Module Guide:
- Wazuh Install Guide:
https://github.com/watsoninfosec/ELK-SIEM/blob/main/Deployment-Guide/Wazuh-Guide/Setup-Guide.md
This project is licensed under the MIT License - see the LICENSE file for details
MIT © WatsonInfoSec