aleemladha.wazuh_server_install
Ansible Role to Install Wazuh SIEM Unified XDR and SIEM Protection with SOC Fortress Rules
Why Use Wazuh with SocFortress Rules: SocFortress Blog
The goal of this repository is to offer the Wazuh community improved detection rules that are more precise and informative, drawn from various sources.
Here’s why:
- Detection rules can be complicated, and we believe everyone should access a robust and evolving set of rules.
- Wazuh is a good Endpoint Detection and Response (EDR) agent, but we think its default rules are not strict enough. We want to create a strong collection of Wazuh rules that the community can use and expand as new threats emerge.
- Cybersecurity is challenging enough; let’s collaborate! :smile:
Ansible Role: Wazuh SIEM Deployment
This is an Ansible role that installs the Wazuh SIEM on a Linux system. By default the admin password is generated automatically and printed in the play output, so treat those logs as sensitive. If you need a fixed password instead, set it with the variable wazuh_admin_password.
Requirements
None.
Role Variables
Here are the available variables with default values (see defaults/main.yml):
- Wazuh installation script URL (the role downloads and executes this script; the path pins the 4.7 release line, not a specific file revision)
wazuh_install_script_url: "https://packages.wazuh.com/4.7/wazuh-install.sh"
- SOCFORTRESS Wazuh rules script URL (also downloaded and executed; it tracks the main branch, so its contents can change between runs)
socfortress_rules_script_url: "https://raw.githubusercontent.com/aaladha/Wazuh-Rules/main/wazuh_socfortress_rules.sh"
- (Optional) Force a fixed admin password instead of the generated one; the value below is only a placeholder, replace it with your own
wazuh_admin_password: Wazuh-123
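Both URLs above are fetched and executed by the role, so whoever controls those endpoints (or the main branch of the rules repository) controls what runs as root on the SIEM host. The check a practitioner wants before that step is to pin each script to the SHA-256 of a copy that was actually reviewed. The following is an added example, not code from the role or from Wazuh or SOCFortress; the function names and the usage digest are assumptions, and the real digests have to be recorded from a copy you have read.

```shell
#!/usr/bin/env bash
# Added example, not part of the aleemladha.wazuh_server_install role.
# Instead of downloading and executing whatever the URL serves today, fetch the
# installer, compare it with the SHA-256 recorded when the script was last
# reviewed, and run it only on a match.
set -eu

# Print the SHA-256 of a file (coreutils sha256sum, or BSD shasum as fallback).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# Exit 0 if FILE has digest EXPECTED, 1 otherwise.
verify_sha256() {
  local file="$1"
  local expected="$2"
  local actual
  actual="$(sha256_of "$file")"
  [ "$actual" = "$expected" ]
}

# Download URL to a temp file; execute it (with any extra arguments) only if it
# matches EXPECTED. A mismatch means the upstream file changed since review.
run_pinned_script() {
  local url="$1"
  local expected="$2"
  shift 2
  local tmp
  local rc=0
  tmp="$(mktemp)"
  if ! curl -fsSL "$url" -o "$tmp"; then
    rm -f "$tmp"
    echo "download failed: $url" >&2
    return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    rm -f "$tmp"
    echo "refusing to run $url: SHA-256 differs from the reviewed copy" >&2
    return 1
  fi
  bash "$tmp" "$@" || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Usage (the digest is a placeholder; record the real value from a copy you have read):
# run_pinned_script "https://packages.wazuh.com/4.7/wazuh-install.sh" "<reviewed sha256>" -a
```

The same pattern applies to the SOCFortress rules script. Expect the pinned digest to go stale whenever upstream publishes a new version; that is the point, since it forces a re-read before the new version runs on the SIEM.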
Example Playbook
- hosts: wazuh-siem
  roles:
    - aleemladha.wazuh_server_install
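If you do set wazuh_admin_password rather than accepting the generated one, keep it out of the playbook in plaintext. The playbook below is an added example, not the role's own documentation: the vault id, passphrase and the encrypted blob are placeholders (the blob is not a real ciphertext), and the no_log keyword on the role entry is there because the role otherwise prints the admin password in the play output.

```yaml
# Added example (not the role's own code): weak form first, corrected form below.
#
# Weak: the password lives in clear text in version control and in every log
# that echoes the vars.
#
# - hosts: wazuh-siem
#   vars:
#     wazuh_admin_password: Wazuh-123
#   roles:
#     - aleemladha.wazuh_server_install
#
# Corrected: encrypt the value with Ansible Vault, e.g.
#   ansible-vault encrypt_string --vault-id siem@prompt 'choose-your-own' --name wazuh_admin_password
# and paste the result (the blob below is a placeholder, not a real ciphertext).
- hosts: wazuh-siem
  vars:
    wazuh_admin_password: !vault |
      $ANSIBLE_VAULT;1.2;AES256;siem
      3030303030303030303030303030303030303030303030303030303030303030
      3030303030303030303030303030303030303030303030303030303030303030
  roles:
    - role: aleemladha.wazuh_server_install
      no_log: true   # the role prints the admin password by default; you already hold it in the vault
```

Run it with ansible-playbook --vault-id siem@prompt so the value is decrypted only at run time. For Ludus, role_vars in config.yml are stored in plaintext, so the generated-password path (read once from ludus range logs, then rotated in the Wazuh dashboard) is the safer choice there.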
Example Ludus Range Config
ludus:
  - vm_name: "{{ range_id }}-wazuh-siem"
    hostname: "{{ range_id }}-wazuh-siem"
    template: kali-x64-desktop-template
    vlan: 20
    ip_last_octet: 2
    ram_gb: 8
    cpus: 4
    linux: true
    testing:
      snapshot: false
      block_internet: false
    roles:
      - aleemladha.wazuh_server_install
    role_vars:
      wazuh_admin_password: Wazuh-123
Ludus Setup
# Add the role to your Ludus host
ludus ansible roles add aleemladha.wazuh_server_install
# Save your configuration to a file for a VM
ludus range config get > config.yml
# Edit the config file to add the role to the VMs you want as Wazuh SIEM servers
ludus range config set -f config.yml
# Deploy the range and get access to the Wazuh SIEM
ludus range deploy
# By default, the username and password are generated automatically; view them in the deployment log
# (anyone who can read these logs can read the password):
ludus range logs -f
You'll see output like:
ok: [SCCM-wazuh] => {
    "msg": [
        "Username: admin",
        "Password: 8DWmsgBD9*ICMqv?8xnyInr?IMqerI*7"
    ]
}
Once deployed, you can access the Wazuh UI at https://<IP>:<port> (the all-in-one installer serves the Wazuh dashboard on port 443 by default).
Ludus Game of Active Directory (GOAD) Wazuh Setup
ludus:
  - vm_name: "{{ range_id }}-GOAD-DC01"
    hostname: "{{ range_id }}-DC01"
    template: win2019-server-x64-template
    vlan: 10
    ip_last_octet: 10
    ram_gb: 4
    cpus: 2
    windows:
      sysprep: true
  # Other VM configurations follow the same format...
License
Apache-2.0
Author Information
This role was created by Aleem Ladha.
Resources/Credits
About the project
Install Wazuh SIEM, enhanced with SOCFortress rules
Install
ansible-galaxy install aleemladha.wazuh_server_install