Assignment 9‐3 SIEM Installation Research - Jacob-Mayotte/SYS480 GitHub Wiki

SIEM to install: Wazuh

I decided on Wazuh because I previously installed it for another cyber course (SEC-350). I do not recall it being a nightmare, but I did it manually, without Ansible. I researched the installation of Wazuh w/ Ansible and it seems to be well documented. It can be deployed as either a single-node or a multi-node cluster; we are using the single-node install.

  • Which OS is it for (you will need to deploy server(s) to run it - so anything you have a base VM for might be a good choice)?

Fortunately, Wazuh is versatile and supports many different operating systems:

  • Amazon Linux 2
  • CentOS 7, 8
  • Red Hat Enterprise Linux 7, 8, 9
  • Ubuntu 16.04, 18.04, 20.04, 22.04

Source

Wazuh has great documentation across its website and GitHub, and it even has specific documentation explaining the deployment of Wazuh w/ Ansible. Use the link above to start!

Here are the requirements defined by Wazuh: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/installation-guide.html#requirements

Wazuh breaks down the installation workflow like so:

  1. Install Ansible: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-ansible.html

     Great breakdown of the Ansible install. It also explains how to test the connection to the managed hosts before running any playbook.

  2. Install Wazuh Indexer and Dashboard: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-indexer-dashboard.html

  3. Install Wazuh Manager: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-manager.html

  4. Agent installation: https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/guide/install-wazuh-agent.html
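As an added example that is not part of this wiki page or the Wazuh documentation, here is a small preflight script that covers the checks worth doing before the playbooks above touch the server: confirm the installed Ansible version, generate an inventory for the single-node layout, and verify SSH reachability and privilege escalation on every host. The inventory group names, the minimum Ansible version and the playbook filename in the usage note are assumptions for illustration; match them to the requirements page and the playbook you actually run.

```shell
#!/bin/sh
# Added example: preflight checks before running the Wazuh single-node Ansible
# playbooks. Not code from the Wazuh docs or from this wiki; group names, the
# minimum Ansible version and the playbook filename are assumptions.
set -eu

# Minimum Ansible version to require (assumption; confirm against the Wazuh
# requirements page before relying on it).
MIN_ANSIBLE_VERSION="2.10"

# Extract the version number from the first line of `ansible --version`.
# Handles both "ansible [core 2.15.1]" and the older "ansible 2.9.6" layout.
parse_ansible_version() {
  printf '%s\n' "$1" | grep -o '[0-9][0-9.]*' | head -n 1
}

# Return 0 when dotted version $1 >= $2, comparing up to three numeric fields.
# A trailing "." is appended so cut always sees a delimiter; missing fields
# count as 0, so 2.10 compares equal to 2.10.0.
version_ge() {
  i=1
  while [ "$i" -le 3 ]; do
    x=$(printf '%s.' "$1" | cut -d. -f"$i"); x=${x:-0}
    y=$(printf '%s.' "$2" | cut -d. -f"$i"); y=${y:-0}
    if [ "$x" -gt "$y" ]; then return 0; fi
    if [ "$x" -lt "$y" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# Write an INI inventory for a single-node deployment: indexer, manager and
# dashboard all on one host. Group names are an assumption for illustration;
# match them to the hosts: entries of the playbook you run. Key-based SSH and
# become are set for all hosts: the roles install packages and write under
# /var/ossec, so they need root on the target.
make_inventory() {
  ip=$1; user=$2; key=$3
  cat <<EOF
[wazuh_indexer]
$ip
[wazuh_manager]
$ip
[wazuh_dashboard]
$ip
[all:vars]
ansible_user=$user
ansible_ssh_private_key_file=$key
ansible_become=true
EOF
}

# Preflight: version check, then SSH reachability and privilege escalation
# against every host in the inventory, before any playbook touches the box.
preflight() {
  inventory=$1
  first_line=$(ansible --version | head -n 1)
  have=$(parse_ansible_version "$first_line")
  if ! version_ge "$have" "$MIN_ANSIBLE_VERSION"; then
    echo "ansible $have is older than required $MIN_ANSIBLE_VERSION" >&2
    return 1
  fi
  # Connectivity over SSH (the "test connection" step from the install guide).
  ansible -i "$inventory" all -m ping
  # Privilege escalation: every host should print 0 (uid of root).
  ansible -i "$inventory" all -b -m command -a 'id -u'
}

# Usage (not run here):
#   make_inventory 10.0.5.10 ansible /home/ansible/.ssh/id_ed25519 > inventory.ini
#   preflight inventory.ini
#   ansible-playbook -i inventory.ini wazuh-single.yml   # playbook name is an assumption
```

Run `preflight` once per deployment; if `ping` succeeds but the `id -u` step does not return 0, fix sudo on the target before running the indexer/dashboard playbook, since a half-applied role is harder to clean up than a failed connection test.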

Sources listed (w/ external sources too):

COMPLETED TO THE BEST OF MY ABILITY AT THIS POINT - WILL REVISE AFTER MILESTONES ARE CAUGHT UP!!!!