{"id":1227,"date":"2025-01-30T13:51:27","date_gmt":"2025-01-30T12:51:27","guid":{"rendered":"https:\/\/www.cipv6.de\/worp\/?p=1227"},"modified":"2025-01-30T13:55:50","modified_gmt":"2025-01-30T12:55:50","slug":"getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem","status":"publish","type":"post","link":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","title":{"rendered":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<p class=\"has-medium-font-size\">In today&#8217;s cybersecurity landscape, having a robust and flexible security information and event management (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Security_information_and_event_management#:~:text=Security%20information%20and%20event%20management%20(SIEM)%20is%20a%20field%20within,by%20applications%20and%20network%20hardware.\">SIEM<\/a>) system is crucial. <br><a href=\"https:\/\/wazuh.com\/community\/\">Wazuh<\/a>, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance.<\/p>\n\n\n\n<p class=\"has-medium-font-size\">Wazuh has an interesting history. In 2015, the Wazuh team decided to fork OSSEC, an open-source host-based Intrusion Detection System (IDS), to expand its core functionalities with additional features, enhancements, and a user-friendly interface.<br>Wazuh has grown significantly since its inception. It is now a comprehensive, open-source security platform that provides unified XDR (Extended Detection and Response) and SIEM (Security Information and Event Management) capabilities. 
The platform is designed to monitor infrastructures, detect threats, respond to incidents, and ensure regulatory compliance.<br><br>This blog will guide you through setting up Wazuh in a lab environment, focusing on its basic capabilities in Extended Detection and Response (<a href=\"https:\/\/en.wikipedia.org\/wiki\/Extended_detection_and_response#:~:text=Extended%20detection%20and%20response%20(XDR,and%20mitigates%20cyber%20security%20threats.\">XDR<\/a>) and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Security_information_and_event_management#:~:text=Security%20information%20and%20event%20management%20(SIEM)%20is%20a%20field%20within,by%20applications%20and%20network%20hardware.\">SIEM<\/a>. <br>Whether you&#8217;re a cybersecurity professional or an enthusiast, this step-by-step guide will help you get started with Wazuh to secure your systems effectively.<br>We start with the defaults so that the lab setup is no more complex than necessary.<br><br>My lab environment is as follows:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td class=\"has-text-align-center\" data-align=\"center\"><strong>Host<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>IP<\/strong><\/td><td class=\"has-text-align-center\" data-align=\"center\"><strong>OS<\/strong><\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Wazuh-Server<\/td><td class=\"has-text-align-center\" data-align=\"center\">10.50.100.76<\/td><td class=\"has-text-align-center\" data-align=\"center\">Ubuntu 24 LTS<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Wazuh-Agent<\/td><td class=\"has-text-align-center\" data-align=\"center\">10.50.100.110<\/td><td class=\"has-text-align-center\" data-align=\"center\">RHEL 9<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Wazuh-Agent<\/td><td class=\"has-text-align-center\" data-align=\"center\">10.50.100.111<\/td><td class=\"has-text-align-center\" data-align=\"center\">RHEL 
9<\/td><\/tr><tr><td class=\"has-text-align-center\" data-align=\"center\">Wazuh-Agent<\/td><td class=\"has-text-align-center\" data-align=\"center\">10.50.100.201<\/td><td class=\"has-text-align-center\" data-align=\"center\">Windows<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Basic_setup_of_Wazuh-Server\"><\/span>Basic setup of Wazuh-Server<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">with root rights execute <code>curl -sO https:\/\/packages.wazuh.com\/4.10\/wazuh-install.sh &amp;&amp; sudo bash .\/wazuh-install.sh -a<\/code><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Example output:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-3bd93b233a9e17bbf9da8bab5a7f2312\"><code lang=\"bash\" class=\"language-bash\">30\/01\/2025 08:07:17 INFO: Starting Wazuh installation assistant. 
Wazuh version: 4.10.1\n30\/01\/2025 08:07:17 INFO: Verbose logging redirected to \/var\/log\/wazuh-install.log\n30\/01\/2025 08:07:22 INFO: Verifying that your system meets the recommended minimum hardware requirements.\n30\/01\/2025 08:07:22 INFO: Wazuh web interface port will be 443.\n30\/01\/2025 08:07:27 INFO: --- Dependencies ----\n30\/01\/2025 08:07:27 INFO: Installing apt-transport-https.\n30\/01\/2025 08:07:30 INFO: Installing debhelper.\n30\/01\/2025 08:07:43 INFO: Wazuh repository added.\n30\/01\/2025 08:07:43 INFO: --- Configuration files ---\n30\/01\/2025 08:07:43 INFO: Generating configuration files.\n30\/01\/2025 08:07:44 INFO: Generating the root certificate.\n30\/01\/2025 08:07:44 INFO: Generating Admin certificates.\n30\/01\/2025 08:07:44 INFO: Generating Wazuh indexer certificates.\n30\/01\/2025 08:07:44 INFO: Generating Filebeat certificates.\n30\/01\/2025 08:07:44 INFO: Generating Wazuh dashboard certificates.\n30\/01\/2025 08:07:45 INFO: Created wazuh-install-files.tar. 
It contains the Wazuh cluster key, certificates, and passwords necessary for installation.\n30\/01\/2025 08:07:45 INFO: --- Wazuh indexer ---\n30\/01\/2025 08:07:45 INFO: Starting Wazuh indexer installation.\n30\/01\/2025 08:08:23 INFO: Wazuh indexer installation finished.\n30\/01\/2025 08:08:23 INFO: Wazuh indexer post-install configuration finished.\n30\/01\/2025 08:08:23 INFO: Starting service wazuh-indexer.\n30\/01\/2025 08:08:35 INFO: wazuh-indexer service started.\n30\/01\/2025 08:08:35 INFO: Initializing Wazuh indexer cluster security settings.\n30\/01\/2025 08:08:38 INFO: Wazuh indexer cluster security configuration initialized.\n30\/01\/2025 08:08:38 INFO: Wazuh indexer cluster initialized.\n30\/01\/2025 08:08:38 INFO: --- Wazuh server ---\n30\/01\/2025 08:08:38 INFO: Starting the Wazuh manager installation.\n30\/01\/2025 08:10:10 INFO: Wazuh manager installation finished.\n30\/01\/2025 08:10:10 INFO: Wazuh manager vulnerability detection configuration finished.\n30\/01\/2025 08:10:10 INFO: Starting service wazuh-manager.\n30\/01\/2025 08:10:22 INFO: wazuh-manager service started.\n30\/01\/2025 08:10:22 INFO: Starting Filebeat installation.\n30\/01\/2025 08:10:28 INFO: Filebeat installation finished.\n30\/01\/2025 08:10:28 INFO: Filebeat post-install configuration finished.\n30\/01\/2025 08:10:28 INFO: Starting service filebeat.\n30\/01\/2025 08:10:30 INFO: filebeat service started.\n30\/01\/2025 08:10:30 INFO: --- Wazuh dashboard ---\n30\/01\/2025 08:10:30 INFO: Starting Wazuh dashboard installation.\n30\/01\/2025 08:11:22 INFO: Wazuh dashboard installation finished.\n30\/01\/2025 08:11:22 INFO: Wazuh dashboard post-install configuration finished.\n30\/01\/2025 08:11:22 INFO: Starting service wazuh-dashboard.\n30\/01\/2025 08:11:23 INFO: wazuh-dashboard service started.\n30\/01\/2025 08:11:24 INFO: Updating the internal users.\n30\/01\/2025 08:11:27 INFO: A backup of the internal users has been saved in the \/etc\/wazuh-indexer\/internalusers-backup 
folder.\n30\/01\/2025 08:11:35 INFO: The filebeat.yml file has been updated to use the Filebeat Keystore username and password.\n30\/01\/2025 08:12:00 INFO: Initializing Wazuh dashboard web application.\n30\/01\/2025 08:12:01 INFO: Wazuh dashboard web application initialized.\n30\/01\/2025 08:12:01 INFO: --- Summary ---\n30\/01\/2025 08:12:01 INFO: You can access the web interface https:\/\/&lt;wazuh-dashboard-ip&gt;:443\n    User: admin\n    Password: PblablablablaB7n3vfwq\n30\/01\/2025 08:12:01 INFO: Installation finished.<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">Note the <strong>autogenerated user\/password<\/strong>; you will need it later to access the dashboard.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Linux_Basic_setup_of_Wazuh-Agent\"><\/span>Linux: Basic setup of Wazuh-Agent<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">With root rights, execute:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-2ee93cba25222eaf2cf48c82c6be912e\"><code lang=\"bash\" class=\"language-bash\">rpm --import https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH\n\ncat &gt; \/etc\/yum.repos.d\/wazuh.repo &lt;&lt; EOF\n[wazuh]\ngpgcheck=1\ngpgkey=https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH\nenabled=1\nname=EL-\\$releasever - Wazuh\nbaseurl=https:\/\/packages.wazuh.com\/4.x\/yum\/\nprotect=1\nEOF\n<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">Run the agent installer (10.50.100.76 is the Wazuh server):<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-33a91ba0a5e70be62480f7c32002015e\"><code lang=\"bash\" class=\"language-bash\">WAZUH_MANAGER=\"10.50.100.76\" yum install wazuh-agent<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Example output:<\/p>\n\n\n\n<pre 
class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-eb6ed761b466b318bad9e2808329bff7\"><code lang=\"bash\" class=\"language-bash\">[root@rhel-wazuh-agent ~]# rpm --import https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH\ncat > \/etc\/yum.repos.d\/wazuh.repo &lt;&lt; EOF\n[wazuh]\ngpgcheck=1\ngpgkey=https:\/\/packages.wazuh.com\/key\/GPG-KEY-WAZUH\nenabled=1\nname=EL-\\$releasever - Wazuh\nbaseurl=https:\/\/packages.wazuh.com\/4.x\/yum\/\nprotect=1\nEOF\n[root@rhel-wazuh-agent ~]# WAZUH_MANAGER=\"10.50.100.76\" yum install wazuh-agent\nUpdating Subscription Management repositories.\nEL-9 - Wazuh                                                      19 MB\/s |  32 MB     00:01\nLast metadata expiration check: 0:00:09 ago on Thu 30 Jan 2025 11:33:51 AM CET.\nDependencies resolved.\n=================================================================================================\n Package                   Architecture         Version                Repository           Size\n=================================================================================================\nInstalling:\n wazuh-agent               x86_64               4.10.1-1               wazuh               8.9 M\n\nTransaction Summary\n=================================================================================================\nInstall  1 Package\n\nTotal download size: 8.9 M\nInstalled size: 26 M\nIs this ok [y\/N]: y\nDownloading Packages:\nwazuh-agent-4.10.1-1.x86_64.rpm                                   15 MB\/s | 8.9 MB     00:00\n-------------------------------------------------------------------------------------------------\nTotal                                                             15 MB\/s | 8.9 MB     00:00\nRunning transaction check\nTransaction check succeeded.\nRunning transaction test\nTransaction test succeeded.\nRunning transaction\n  Preparing        :                                                 
                        1\/1\n  Running scriptlet: wazuh-agent-4.10.1-1.x86_64                                             1\/1\n  Installing       : wazuh-agent-4.10.1-1.x86_64                                             1\/1\n  Running scriptlet: wazuh-agent-4.10.1-1.x86_64                                             1\/1\n  Verifying        : wazuh-agent-4.10.1-1.x86_64                                             1\/1\nInstalled products updated.\n\nInstalled:\n  wazuh-agent-4.10.1-1.x86_64\n\nComplete!\n[root@rhel-wazuh-agent ~]#<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Start the Wazuh-Agent and check the status:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-f1e07d39712bdfed25f4921f4d82ece2\"><code lang=\"bash\" class=\"language-bash\">systemctl daemon-reload\nsystemctl enable wazuh-agent\nsystemctl start wazuh-agent\nsystemctl status wazuh-agent<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p class=\"has-medium-font-size\">example output:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-f47661213dc7a599af4430ee04331610\"><code lang=\"bash\" class=\"language-bash\">[root@rhel-wazuh-agent ~]# systemctl daemon-reload\nsystemctl enable wazuh-agent\nsystemctl start wazuh-agent\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/wazuh-agent.service \u2192 \/usr\/lib\/systemd\/system\/wazuh-agent.service.\n[root@rhel-wazuh-agent ~]# systemctl status wazuh-agent\n\u25cf wazuh-agent.service - Wazuh agent\n     Loaded: loaded (\/usr\/lib\/systemd\/system\/wazuh-agent.service; enabled; preset: disabled)\n     Active: active (running) since Thu 2025-01-30 11:37:47 CET; 17s ago\n    Process: 5702 ExecStart=\/usr\/bin\/env \/var\/ossec\/bin\/wazuh-control start (code=exited, status>\n      Tasks: 33 (limit: 10886)\n     Memory: 430.5M\n        CPU: 
6.436s\n     CGroup: \/system.slice\/wazuh-agent.service\n             \u251c\u25005730 \/var\/ossec\/bin\/wazuh-execd\n             \u251c\u25005742 \/var\/ossec\/bin\/wazuh-agentd\n             \u251c\u25005755 \/var\/ossec\/bin\/wazuh-syscheckd\n             \u251c\u25005770 \/var\/ossec\/bin\/wazuh-logcollector\n             \u251c\u25005787 \/var\/ossec\/bin\/wazuh-modulesd\n             \u251c\u25006312 \/bin\/sh active-response\/bin\/restart.sh agent\n             \u251c\u25006316 \/bin\/sh \/var\/ossec\/bin\/wazuh-control restart\n             \u2514\u25006407 expr 29 + 1\n\nJan 30 11:37:40 rhel-wazuh-agent systemd[1]: Starting Wazuh agent...\nJan 30 11:37:40 rhel-wazuh-agent env[5702]: Starting Wazuh v4.10.1...\nJan 30 11:37:41 rhel-wazuh-agent env[5702]: Started wazuh-execd...\nJan 30 11:37:42 rhel-wazuh-agent env[5702]: Started wazuh-agentd...\nJan 30 11:37:43 rhel-wazuh-agent env[5702]: Started wazuh-syscheckd...\nJan 30 11:37:44 rhel-wazuh-agent env[5702]: Started wazuh-logcollector...\nJan 30 11:37:45 rhel-wazuh-agent env[5702]: Started wazuh-modulesd...\nJan 30 11:37:47 rhel-wazuh-agent env[5702]: Completed.\nJan 30 11:37:47 rhel-wazuh-agent systemd[1]: Started Wazuh agent.\n[root@rhel-wazuh-agent ~]#<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Windows_Basic_setup_of_Wazuh-Agent\"><\/span>Windows: Basic setup of Wazuh-Agent<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\"><a href=\"https:\/\/packages.wazuh.com\/4.x\/windows\/wazuh-agent-4.10.1-1.msi\">Download<\/a> the Agent-Installer and execute the command with admin-rights:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-4ee461538c7f165d370ef042e26ea980\"><code lang=\"bash\" class=\"language-bash\">wazuh-agent-4.10.1-1.msi \/q WAZUH_MANAGER=\"10.50.100.76\"\nNET START Wazuh<\/code><\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p 
class=\"has-medium-font-size\">Example output:<\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-17abb6b08602e883c644e9f48051d949\"><code lang=\"bash\" class=\"language-bash\">C:\\Windows\\System32>cd C:\\Users\\ugu5ma\\Downloads\nC:\\Users\\ugu5ma\\Downloads>dir\n  Verzeichnis von C:\\Users\\ugu5ma\\Downloads\n\n30.01.2025  12:06    &lt;DIR>          .\n13.01.2025  09:41    &lt;DIR>          ..\n30.01.2025  12:07         5.378.048 wazuh-agent-4.10.1-1.msi\n               1 Datei(en),    5.378.048 Bytes\n               2 Verzeichnis(se), 709.868.328.448 Bytes frei\n\nC:\\Users\\ugu5ma\\Downloads>wazuh-agent-4.10.1-1.msi \/q WAZUH_MANAGER=\"10.50.100.76\"\n\nC:\\Users\\ugu5ma\\Downloads>C:\\Users\\ugu5ma\\Downloads>NET START Wazuh\nWazuh wird gestartet.\nWazuh wurde erfolgreich gestartet.\nC:\\Users\\ugu5ma\\Downloads><\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Access_the_Dashboard\"><\/span>Access the Dashboard<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Open a browser and go to https:\/\/10.50.100.76<br>Don&#8217;t be surprised that the connection is reported as untrusted; we use the default certs.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"560\" data-attachment-id=\"1243\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh02\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?fit=2342%2C1562&amp;ssl=1\" data-orig-size=\"2342,1562\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh02\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?fit=840%2C560&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=840%2C560&#038;ssl=1\" alt=\"\" class=\"wp-image-1243\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=1024%2C683&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=300%2C200&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=768%2C512&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=1536%2C1024&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=2048%2C1366&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?resize=1200%2C800&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh02.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\"><br>We see the default Dashboard:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"830\" height=\"1024\" data-attachment-id=\"1244\" 
data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh03\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?fit=2436%2C3006&amp;ssl=1\" data-orig-size=\"2436,3006\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh03\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?fit=830%2C1024&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=830%2C1024&#038;ssl=1\" alt=\"\" class=\"wp-image-1244\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=830%2C1024&amp;ssl=1 830w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=243%2C300&amp;ssl=1 243w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=768%2C948&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=1245%2C1536&amp;ssl=1 1245w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=1660%2C2048&amp;ssl=1 1660w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh03.png?resize=1200%2C1481&amp;ssl=1 1200w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure>\n\n\n\n<p 
class=\"has-medium-font-size\">Wazuh ships with <a href=\"https:\/\/documentation.wazuh.com\/current\/user-manual\/ruleset\/rules\/default.html\">default rules<\/a>.<br>In a production environment the real work would start now: <br>create or adapt rules that suit the required purposes and environment.<br>We will start by fixing the first (easy) vulnerability finding.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Fix_a_chrony-findingvulnerability\"><\/span>Fix a chrony-finding\/vulnerability<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">Let&#8217;s pick a RHEL agent and check the details of the chrony finding:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li class=\"has-medium-font-size\">Navigate to Configuration Assessment<\/li>\n\n\n\n<li class=\"has-medium-font-size\">Select an agent<\/li>\n\n\n\n<li class=\"has-medium-font-size\">Agent ID 02 looks like a good candidate<\/li>\n\n\n\n<li class=\"has-medium-font-size\">Filter the findings for chrony<\/li>\n\n\n\n<li class=\"has-medium-font-size\">Click on the failed check<\/li>\n\n\n\n<li class=\"has-medium-font-size\">Read the finding carefully and check the settings on the agent to get it fixed<\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"527\" data-attachment-id=\"1245\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh04\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?fit=2402%2C1506&amp;ssl=1\" data-orig-size=\"2402,1506\" data-comments-opened=\"1\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh04\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?fit=840%2C527&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=840%2C527&#038;ssl=1\" alt=\"\" class=\"wp-image-1245\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=1024%2C642&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=300%2C188&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=768%2C482&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=1536%2C963&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=2048%2C1284&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?resize=1200%2C752&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh04.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"592\" data-attachment-id=\"1246\" 
data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh05\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?fit=2382%2C1680&amp;ssl=1\" data-orig-size=\"2382,1680\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh05\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?fit=840%2C592&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=840%2C592&#038;ssl=1\" alt=\"\" class=\"wp-image-1246\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=1024%2C722&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=300%2C212&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=768%2C542&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=1536%2C1083&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=2048%2C1444&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?resize=1200%2C846&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh05.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 
909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"473\" data-attachment-id=\"1247\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh06\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?fit=2406%2C1356&amp;ssl=1\" data-orig-size=\"2406,1356\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh06\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?fit=840%2C473&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=840%2C473&#038;ssl=1\" alt=\"\" class=\"wp-image-1247\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=1024%2C577&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=300%2C169&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=768%2C433&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=1536%2C866&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=2048%2C1154&amp;ssl=1 2048w, 
https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?resize=1200%2C676&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh06.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"954\" data-attachment-id=\"1248\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh07\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?fit=2384%2C2706&amp;ssl=1\" data-orig-size=\"2384,2706\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh07\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?fit=840%2C954&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=840%2C954&#038;ssl=1\" alt=\"\" class=\"wp-image-1248\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=902%2C1024&amp;ssl=1 902w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=264%2C300&amp;ssl=1 264w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=768%2C872&amp;ssl=1 768w, 
https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=1353%2C1536&amp;ssl=1 1353w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=1804%2C2048&amp;ssl=1 1804w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?resize=1200%2C1362&amp;ssl=1 1200w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh07.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"get_the_chrony_finding_fixed\"><\/span>get the chrony finding fixed<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"has-medium-font-size\">The chronyd process is not running as user chrony, so let&#8217;s fix it:<br><\/p>\n\n\n\n<pre class=\"wp-block-code has-white-color has-dark-gray-background-color has-text-color has-background has-link-color wp-elements-36580ce38034506ba77b5e3d83e3425f\"><code lang=\"bash\" class=\"language-bash\">[root@rhel-wazuh-agent ~]# cat \/etc\/sysconfig\/chronyd\n# Command-line options for chronyd\nOPTIONS=\"-F 2\"\n[root@rhel-wazuh-agent ~]# sudo sed -i 's\/OPTIONS=\"-F 2\"\/OPTIONS=\"-F 2 -u chrony\"\/' \/etc\/sysconfig\/chronyd\n[root@rhel-wazuh-agent ~]# cat \/etc\/sysconfig\/chronyd\n# Command-line options for chronyd\nOPTIONS=\"-F 2 -u chrony\"\n[root@rhel-wazuh-agent ~]# ps -eo user,comm | grep chronyd\nchrony   chronyd\n\n[root@rhel-wazuh-agent ~]# systemctl restart chronyd\n[root@rhel-wazuh-agent ~]# systemctl restart wazuh-agent<\/code><\/pre>\n\n\n\n<p class=\"has-medium-font-size\">To force a new assessment, restart the Wazuh agent.<br><\/p>\n\n\n\n<p class=\"has-medium-font-size\">Go back to the Dashboard\/findings screen and check the chrony finding again:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" 
loading=\"lazy\" decoding=\"async\" width=\"840\" height=\"477\" data-attachment-id=\"1250\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh08-2\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?fit=2414%2C1372&amp;ssl=1\" data-orig-size=\"2414,1372\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh08\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?fit=840%2C477&amp;ssl=1\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=840%2C477&#038;ssl=1\" alt=\"\" class=\"wp-image-1250\" srcset=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=1024%2C582&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=300%2C171&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=768%2C436&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=1536%2C873&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=2048%2C1164&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?resize=1200%2C682&amp;ssl=1 1200w, 
https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh08-1.png?w=1680&amp;ssl=1 1680w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p class=\"has-medium-font-size\">Chrony looks good now, just another 82 findings to fix  <img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"55\" height=\"45\" data-attachment-id=\"1251\" data-permalink=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/wazuh09\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh09.png?fit=274%2C226&amp;ssl=1\" data-orig-size=\"274,226\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"wazuh09\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh09.png?fit=274%2C226&amp;ssl=1\" class=\"wp-image-1251\" style=\"width: 55px;\" src=\"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh09.png?resize=55%2C45&#038;ssl=1\" alt=\"\"> <\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong><em>In one of the next sessions I will go into the details of Wazuh; it is a great product.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In today&#8217;s cybersecurity landscape, having a robust and flexible security information and event management (SIEM) system is crucial. 
Wazuh, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance. Wazuh has an interesting history. In 2015, the Wazuh team decided to fork OSSEC, an open-source host-based Intrusion Detection System &hellip; <a href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1228,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"template-page-builder-no-sidebar.php","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"\ud83d\udd12 Secure your systems with Wazuh! \ud83c\udf10 Set up your lab environment for XDR and SIEM, and experience top-notch threat detection and incident response. Get started today and stay ahead in cybersecurity! 
#Wazuh #CyberSecurity #XDR #SIEM\"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[64],"tags":[56],"class_list":["post-1227","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&quot; - cipv6.de<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&quot; - cipv6.de\" \/>\n<meta property=\"og:description\" content=\"In today&#8217;s cybersecurity landscape, having a robust and flexible security information and event management (SIEM) system is crucial. Wazuh, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance. Wazuh has an interesting history. 
In 2015, the Wazuh team decided to fork OSSEC, an open-source host-based Intrusion Detection System &hellip; Continue reading &quot;Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/\" \/>\n<meta property=\"og:site_name\" content=\"cipv6.de\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-30T12:51:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-30T12:55:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1080\" \/>\n\t<meta property=\"og:image:height\" content=\"617\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ugu5ma\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:site\" content=\"@ugu5ma\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ugu5ma\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/\"},\"author\":{\"name\":\"ugu5ma\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"headline\":\"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;\",\"datePublished\":\"2025-01-30T12:51:27+00:00\",\"dateModified\":\"2025-01-30T12:55:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/\"},\"wordCount\":465,\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/wazuh01.jpg?fit=1080%2C617&ssl=1\",\"keywords\":[\"security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\
\\/\",\"name\":\"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM\\\" - cipv6.de\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/wazuh01.jpg?fit=1080%2C617&ssl=1\",\"datePublished\":\"2025-01-30T12:51:27+00:00\",\"dateModified\":\"2025-01-30T12:55:50+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/wazuh01.jpg?fit=1080%2C617&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.cipv6.de\\\/worp\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/wazuh01.jpg?fit=1080%2C617&ssl=1\",\"width\":1080,\"height\":617},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/index.php\\\/2025\\\/01\\\/30\\\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\\\/#breadcrumb\",\"itemListEle
ment\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#website\",\"url\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/\",\"name\":\"cipv6.de\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.cipv6.de\\\/worp\\\/#\\\/schema\\\/person\\\/5d62b275485540be9e5e9e33d4fab86d\",\"name\":\"ugu5ma\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\",\"caption\":\"ugu5ma\"},\"logo\":{\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g\"},\"sameAs\":[\"https:\\\/\\\/cipv6.de\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM\" - cipv6.de","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","og_locale":"en_US","og_type":"article","og_title":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM\" - cipv6.de","og_description":"In today&#8217;s cybersecurity landscape, having a robust and flexible security information and event management (SIEM) system is crucial. Wazuh, an open-source security platform, offers comprehensive solutions for threat detection, integrity monitoring, incident response, and compliance. Wazuh has an interesting history. In 2015, the Wazuh team decided to fork OSSEC, an open-source host-based Intrusion Detection System &hellip; Continue reading \"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;\"","og_url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","og_site_name":"cipv6.de","article_published_time":"2025-01-30T12:51:27+00:00","article_modified_time":"2025-01-30T12:55:50+00:00","og_image":[{"width":1080,"height":617,"url":"https:\/\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg","type":"image\/jpeg"}],"author":"ugu5ma","twitter_card":"summary_large_image","twitter_creator":"@ugu5ma","twitter_site":"@ugu5ma","twitter_misc":{"Written by":"ugu5ma","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#article","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/"},"author":{"name":"ugu5ma","@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"headline":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM&#8221;","datePublished":"2025-01-30T12:51:27+00:00","dateModified":"2025-01-30T12:55:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/"},"wordCount":465,"publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1","keywords":["security"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/","name":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and SIEM\" - 
cipv6.de","isPartOf":{"@id":"https:\/\/www.cipv6.de\/worp\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#primaryimage"},"image":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1","datePublished":"2025-01-30T12:51:27+00:00","dateModified":"2025-01-30T12:55:50+00:00","breadcrumb":{"@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#primaryimage","url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1","width":1080,"height":617},{"@type":"BreadcrumbList","@id":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/01\/30\/getting-started-with-wazuh-setting-up-your-lab-environment-for-xdr-and-siem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cipv6.de\/worp\/"},{"@type":"ListItem","position":2,"name":"Getting Started with Wazuh: Setting Up Your Lab Environment for XDR and 
SIEM&#8221;"}]},{"@type":"WebSite","@id":"https:\/\/www.cipv6.de\/worp\/#website","url":"https:\/\/www.cipv6.de\/worp\/","name":"cipv6.de","description":"","publisher":{"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cipv6.de\/worp\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.cipv6.de\/worp\/#\/schema\/person\/5d62b275485540be9e5e9e33d4fab86d","name":"ugu5ma","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g","caption":"ugu5ma"},"logo":{"@id":"https:\/\/secure.gravatar.com\/avatar\/7211dd31d32612293e4228c8f880721a803dcc15211868f096ea9a8e77b6f316?s=96&d=mm&r=g"},"sameAs":["https:\/\/cipv6.de"]}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/01\/wazuh01.jpg?fit=1080%2C617&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9uBTs-jN","jetpack-related-posts":[{"id":630,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2021\/01\/31\/daily-compression-of-influxdb\/","url_meta":{"origin":1227,"position":0},"title":"daily compression of InfluxDB","author":"ugu5ma","date":"January 31, 2021","format":false,"excerpt":"InfluxDB is an open source time series database built by InfluxData and used in e.g. 
Openhab for data persistance.For small computers like raspi's it is a best practice to compress the database regurlarly. Why not using cron ? Well, it works.. the only (security)-drawback is to grant \/bin\/bash to the\u2026","rel":"","context":"In &quot;Influx&quot;","block_context":{"text":"Influx","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/influx\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1316,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2025\/03\/11\/iso-27001-27006-and-27009-the-essential-normative-standards-for-isms\/","url_meta":{"origin":1227,"position":1},"title":"ISO 27001, 27006, and 27009: The Essential Normative Standards for ISMS","author":"ugu5ma","date":"March 11, 2025","format":false,"excerpt":"Introduction ISO 27000 is a family of standards focused on information security management systems (ISMS). Within this series, some standards are\u00a0normative, meaning they define essential requirements, while others are\u00a0informative, providing guidelines and recommendations. Difference Between Normative and Informative Standards Normative standards\u00a0are mandatory for certification and compliance. 
They establish requirements that\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2025\/03\/isonormatinform.webp?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":939,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/26\/duplicati-rpi-setup-on-64-bit-ubuntu-os-jammy-22-04\/","url_meta":{"origin":1227,"position":2},"title":"Duplicati RPi setup on 64-bit Ubuntu OS Jammy (22.04)","author":"ugu5ma","date":"August 26, 2024","format":false,"excerpt":"Setting up Duplicati on Ubuntu Jammy (22.04) for Raspberry Pi (RPI) is a great way to ensure your data is securely backed up. 
Duplicati is a free, open-source backup solution that allows you to store encrypted, incremental, and compressed backups on various cloud storage services and remote file servers.\u00a0It supports\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/CleanShot-2024-08-26-at-11.43.33%402x.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/CleanShot-2024-08-26-at-11.43.33%402x.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/CleanShot-2024-08-26-at-11.43.33%402x.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/CleanShot-2024-08-26-at-11.43.33%402x.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/CleanShot-2024-08-26-at-11.43.33%402x.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":1068,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/12\/14\/ssh-security-made-easy-an-introduction-to-ssh-audit\/","url_meta":{"origin":1227,"position":3},"title":"SSH Security Made Easy: An Introduction to ssh-audit","author":"ugu5ma","date":"December 14, 2024","format":false,"excerpt":"ssh-audit is a powerful tool designed to help you assess the security of your SSH servers (and clients!). It provides detailed information about the server's configuration, supported algorithms, and potential vulnerabilities. In this guide, I'll walk you through the steps to install ssh-audit and run your first security tests. 
Secure\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/12\/SSHsecurity.jpg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":954,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2024\/08\/28\/secure-your-ssh-communication-with-certificates-based-authentication\/","url_meta":{"origin":1227,"position":4},"title":"Secure your SSH communication with certificates","author":"ugu5ma","date":"August 28, 2024","format":false,"excerpt":"How about securing your SSH-Server to only support login-attempts including a valid signed certificate from a trusted CA ? 
This sounds pretty cool, but there are a couple of pitfalls which should be outlined first: OpenSSH supports cert-based authentication since version 5.4 (in 2010) OpenSSH does not support x.509-certificates !\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/www.cipv6.de\/worp\/index.php\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.cipv6.de\/worp\/wp-content\/uploads\/2024\/08\/coverpicsshcert.jpeg?fit=1024%2C1024&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":538,"url":"https:\/\/www.cipv6.de\/worp\/index.php\/2020\/03\/20\/openssl-show-serial-and-issuer\/","url_meta":{"origin":1227,"position":5},"title":"Openssl: show serial-# and issuer","author":"ugu5ma","date":"March 20, 2020","format":false,"excerpt":"openssl s_client -connect cipv6.de:443 2>&1|openssl x509 -noout -serial -issuer serial=03839493CC06B9487E59A519EEDABC5FAE36 issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3","rel":"","context":"In 
\"security\"","block_context":{"text":"security","link":"https:\/\/www.cipv6.de\/worp\/index.php\/tag\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/1227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/comments?post=1227"}],"version-history":[{"count":0,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/posts\/1227\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media\/1228"}],"wp:attachment":[{"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/media?parent=1227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/categories?post=1227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cipv6.de\/worp\/index.php\/wp-json\/wp\/v2\/tags?post=1227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}