Wazuh ‐ Adding agents - mluchettii/github-wiki-mluchetti GitHub Wiki

Agents added: Windows 11 and Fedora Server 42

Table of Contents

• Adding a Windows agent
• Adding a Linux agent

Adding a Windows agent

Open the Wazuh dashboard and click "Deploy a new agent." On the next screen, provide your system information it asks for and copy the install command it gives you for your Windows agent. In my case, it was:

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.13.1-1.msi -OutFile $env:tmp\wazuh-agent; msiexec.exe /i $env:tmp\wazuh-agent /q WAZUH_MANAGER='centos.tail8a06c2.ts.net' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='xps'

Then, use the following command to start the Wazuh agent service:

NET START Wazuh

Confirmation that the agent xps (001) is running locally (left) and also on the Wazuh Endpoints dashboard (right).

Adding a Linux agent

Follow the same steps for this Linux agent installation. In the end, you should be provided a command to execute that looks something like this:

curl -o wazuh-agent-4.13.1-1.aarch64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.13.1-1.aarch64.rpm && sudo WAZUH_MANAGER='centos' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='fedora' rpm -ihv wazuh-agent-4.13.1-1.aarch64.rpm

When finished, run these commands:

sudo systemctl daemon-reload

sudo systemctl enable wazuh-agent

sudo systemctl start wazuh-agent

Also run this command on both the server and client, so as to prevent Wazuh updates from breaking the configuration:

sudo sed -i *s/^enabled=1/enabled=0/* /etc/yum.repos.d/wazuh.repo

End result: two agents, one Windows, one Linux