Infrastructure and services are important, but protecting and monitoring them is even more important.
To fill this need, I deployed Wazuh in my home lab network to monitor and respond to incidents using the platform's SIEM and anti-virus / XDR capabilities; features like these would typically be expensive and limited to enterprise environments.
I started by deploying an Ubuntu Server VM on my VMware ESXi host, then installed the Wazuh packages and configured SSH and user permissions. I then edited the Wazuh configuration in etc/ossec.conf per the documentation to enable SSL / TLS and SMTP email alerts, and accessed the Wazuh web interface.
Finally, I deployed the Wazuh agent to all of the Linux and Windows servers and workstations in my home lab using PowerShell (PS remoting and msiexec), then validated the solution by downloading test malware. The XDR immediately removed the test file and promptly delivered a notification to my inbox. I then used Kibana and Elasticsearch to perform a deep dive into the incident in the SIEM.
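As an added example (not the author's own deployment script), here is how the Windows side of that agent rollout can be done with PS remoting and msiexec. It copies the agent MSI to each target through the remoting session, installs it silently with the manager address baked in so the agent enrolls on first start, and then checks that the WazuhSvc service is actually running on each host. The manager address, MSI path, hostnames and credential prompt are assumptions and need to be changed for your lab.

```powershell
# Added example, not the author's deployment script. Pushes the Wazuh agent MSI to a list
# of Windows hosts over PowerShell remoting (WinRM), installs it silently with msiexec,
# then confirms the WazuhSvc service is running on each host.
#
# Assumptions not stated in the original post:
#   - the Wazuh manager is reachable from each target at $ManagerAddress on TCP 1514/1515
#   - the agent MSI has already been downloaded to $MsiPath on the admin workstation
#   - PS remoting is enabled on every target and $Credential is a local admin there

$ManagerAddress = '192.0.2.10'                    # assumption: manager IP or DNS name
$MsiPath        = 'C:\Staging\wazuh-agent.msi'    # assumption: MSI from packages.wazuh.com
$Targets        = @('WIN-SRV01', 'WIN-WS02')      # assumption: lab hostnames
$Credential     = Get-Credential -Message 'Admin account used for the remote install'

# Runs on the remote host. Returns an object describing the outcome instead of printing,
# so the results from every host can be collected and reviewed at the end.
$InstallScript = {
    param([string]$Manager, [string]$RemoteMsi)

    # /q = silent install. WAZUH_MANAGER is where the agent reports (TCP 1514);
    # WAZUH_REGISTRATION_SERVER makes it enroll with the manager on first start (TCP 1515).
    $MsiArgs = @(
        '/i', "`"$RemoteMsi`"",
        '/q',
        "WAZUH_MANAGER=`"$Manager`"",
        "WAZUH_REGISTRATION_SERVER=`"$Manager`"",
        "WAZUH_AGENT_NAME=`"$env:COMPUTERNAME`""
    )
    $Proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $MsiArgs -Wait -PassThru

    # msiexec: 0 = success, 3010 = success with a reboot pending; anything else failed.
    if ($Proc.ExitCode -notin 0, 3010) {
        return [pscustomobject]@{ Host = $env:COMPUTERNAME; Installed = $false; Exit = $Proc.ExitCode; Service = $null }
    }

    # The installer does not start the agent; the Wazuh docs do it with NET START WazuhSvc.
    Start-Service -Name 'WazuhSvc' -ErrorAction SilentlyContinue
    $Svc    = Get-Service -Name 'WazuhSvc' -ErrorAction SilentlyContinue
    $Status = if ($Svc) { $Svc.Status.ToString() } else { 'missing' }

    Remove-Item -Path $RemoteMsi -Force -ErrorAction SilentlyContinue   # clean up the staged MSI

    [pscustomobject]@{ Host = $env:COMPUTERNAME; Installed = $true; Exit = $Proc.ExitCode; Service = $Status }
}

$Results = foreach ($Target in $Targets) {
    $Session = $null
    try {
        $Session   = New-PSSession -ComputerName $Target -Credential $Credential -ErrorAction Stop
        $RemoteMsi = 'C:\Windows\Temp\wazuh-agent.msi'

        # Copy the MSI through the session so no SMB share has to be opened on the target.
        Copy-Item -Path $MsiPath -Destination $RemoteMsi -ToSession $Session -Force

        Invoke-Command -Session $Session -ScriptBlock $InstallScript -ArgumentList $ManagerAddress, $RemoteMsi
    }
    catch {
        [pscustomobject]@{ Host = $Target; Installed = $false; Exit = $null; Service = "error: $($_.Exception.Message)" }
    }
    finally {
        if ($Session) { Remove-PSSession $Session }
    }
}

# Any host whose Service column is not "Running" is a monitoring gap and needs a look
# before trusting the SIEM's coverage of it.
$Results | Format-Table -AutoSize
```

Copy-Item -ToSession needs PowerShell 5.0 or later on both ends, and the targets must already have WinRM enabled (Enable-PSRemoting) with the chosen account in the local Administrators group. A Running service on the host is only half the check: confirm on the manager side that each hostname shows up as an active agent before treating that machine as covered.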