Wazuh Installation Guide

I built a home lab using Wazuh SIEM, with Ubuntu as the Manager and Windows as the Agent. The main steps are below.


1. Install Wazuh Manager (Ubuntu)

Add GPG Key:

curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | sudo gpg --dearmor -o /usr/share/keyrings/wazuh-archive-keyring.gpg

Download and Install:

curl -sO https://packages.wazuh.com/4.12/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i

Check Ubuntu IP:

ifconfig

Access Dashboard:

https://<Ubuntu-IP>

2. Install Wazuh Agent (Windows)

  • Download the Wazuh Agent MSI (Windows)
  • Install using default settings

3. Register Agent with Manager

On Ubuntu (Manager):

sudo /var/ossec/bin/manage_agents

  • Press A → Add agent
  • Press E → Extract key
  • Copy the generated key

On Windows:

  • Open Wazuh Agent Manager
  • Paste the key
  • Add Manager IP address
  • Restart the agent service

4. Enable File Integrity Monitoring (Windows)

Edit:

C:\Program Files (x86)\ossec-agent\ossec.conf

Add, inside the existing <syscheck> section:

<directories realtime="yes">C:\Users\abc\Test</directories>

Restart Wazuh Agent service.


5. Verify Setup

  • Open Wazuh Dashboard
  • Ensure Agent status is Active
  • Create, modify, and delete files in the monitored folder
  • Confirm the alerts appear in the dashboard
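
To run the step 5 check from the manager's command line instead of the dashboard, the added example below (not part of the original guide) counts FIM events for the monitored folder in alert lines shaped like /var/ossec/logs/alerts/alerts.json. The agent name win-lab and the sample lines are constructed assumptions; paths are compared case-insensitively because Windows paths may be logged in lowercase.

```python
import json
from collections import Counter

# Constructed sample in the shape of /var/ossec/logs/alerts/alerts.json (one JSON
# object per line). Agent name "win-lab", timestamps and file names are made up.
SAMPLE_ALERTS = r'''
{"timestamp":"2025-01-01T10:00:01+0000","agent":{"id":"001","name":"win-lab"},"rule":{"id":"554","groups":["ossec","syscheck"]},"syscheck":{"path":"c:\\users\\abc\\test\\a.txt","event":"added"}}
{"timestamp":"2025-01-01T10:00:09+0000","agent":{"id":"001","name":"win-lab"},"rule":{"id":"550","groups":["ossec","syscheck"]},"syscheck":{"path":"c:\\users\\abc\\test\\a.txt","event":"modified"}}
{"timestamp":"2025-01-01T10:01:00+0000","agent":{"id":"000","name":"ubuntu-manager"},"rule":{"id":"5715","groups":["syslog","sshd"]}}
{"timestamp":"2025-01-01T10:02:00+0000","agent":{"id":"001","name":"win-lab"},"rule":{"id":"550","groups":["ossec","syscheck"]},"syscheck":{"path":"c:\\users\\abc\\test2\\b.txt","event":"modified"}}
{"timestamp":"2025-01-01T10:02
'''

def fim_events(lines, monitored_dir, agent_name):
    """Count syscheck events under monitored_dir reported by one agent."""
    # Trailing separator keeps sibling folders such as ...\test2 from matching.
    prefix = monitored_dir.rstrip("\\/").lower() + "\\"
    counts = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a last line that is still being written
        if alert.get("agent", {}).get("name") != agent_name:
            continue
        if "syscheck" not in alert.get("rule", {}).get("groups", []):
            continue
        sc = alert.get("syscheck", {})
        if sc.get("path", "").lower().startswith(prefix):
            counts[sc.get("event", "unknown")] += 1
    return counts

def missing_event_types(counts):
    """Event types from the create/modify/delete test that produced no alert."""
    return sorted({"added", "modified", "deleted"} - set(counts))

if __name__ == "__main__":
    # On the manager, read the real file instead (needs root):
    # lines = open("/var/ossec/logs/alerts/alerts.json", encoding="utf-8")
    counts = fim_events(SAMPLE_ALERTS.splitlines(), r"C:\Users\abc\Test", "win-lab")
    print("FIM events seen:", dict(counts))
    print("Not yet seen:", missing_event_types(counts))
```

An event type that stays in the "not yet seen" list after the test points at the agent's syscheck configuration or at the agent not being connected.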

Guide PDF: https://drive.google.com/file/d/1CDwjb5nSMaP73q2W-znWQpI6523oPxlI/view
