A while ago, I had the opportunity to lead a practical session with a few of my students, where we explored the power and flexibility of Wazuh—a free, open-source security platform offering extended detection and response (XDR) and SIEM capabilities.
The goal of the session was to help them understand how Wazuh can be used to monitor system integrity, detect malware, and centralize security operations. Here's a detailed breakdown of what we covered during the lab:
✅ Deploying Wazuh & Integrating Agents
We started with deploying Wazuh and installing its agent on both Kali Linux and Windows OS systems in our lab environment. The students learned how to ensure the agent is properly connected and visible within the Wazuh dashboard.
✅ SSH Access for Easier Configuration
One of the key things I emphasized was the importance of SSH access to the Wazuh server. Since the Wazuh CLI doesn’t support easy copy-paste functionality, making changes or executing multiple commands can be tedious. By SSHing into the Wazuh server from either Kali Linux or Windows, students could seamlessly copy and paste configuration commands—dramatically improving efficiency during setup and troubleshooting.
✅ Changing the Wazuh Admin GUI Password
A critical security aspect I demonstrated was how to change the Wazuh admin GUI password. As this cannot be done directly from the web interface, I walked them through the proper process using the Wazuh CLI. This highlighted the importance of CLI proficiency when managing SIEM tools like Wazuh.
✅ File Integrity Monitoring (FIM)
Next, we moved on to one of Wazuh's most powerful features—File Integrity Monitoring. I guided the students in setting up FIM on the Downloads directory of Kali Linux. Once configured, Wazuh started monitoring file changes in real time.
We created and modified test files and observed how Wazuh instantly reported those changes. Impressively, the system not only flagged that a change had occurred but also showed precisely what was modified—a critical feature for forensic investigations and compliance tracking.
✅ VirusTotal Integration & Malware Detection
To extend Wazuh's capabilities, we integrated VirusTotal by adding API keys to our configuration. This enabled Wazuh to scan files against VirusTotal’s extensive malware database.
To test this integration, we downloaded the EICAR test file—a harmless file used to test malware detection systems. Wazuh, now integrated with VirusTotal, flagged the file as malware and automatically removed it upon detection. This real-time response to malware threats reinforced the power of Wazuh in endpoint protection.
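As an added example (not configuration from the original post), here is an ossec.conf fragment that wires the three pieces of the lab together: real-time FIM with change reporting on the Downloads directory, the VirusTotal integration on the manager, and an active response that deletes a file VirusTotal flags. The agent path /home/kali/Downloads, the script name remove-threat.sh and rule ID 87105 (the stock Wazuh rule for a positive VirusTotal match) are assumptions to verify against your own deployment; the API key is a placeholder.

```xml
<!-- Agent side (Kali): /var/ossec/etc/ossec.conf -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <!-- realtime: report changes as they happen instead of waiting for the next scan.
         report_changes: keep a copy so the alert includes a diff of what was modified.
         The path is an assumption; use the real home directory on the agent. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/home/kali/Downloads</directories>
  </syscheck>
</ossec_config>

<!-- Manager side: /var/ossec/etc/ossec.conf -->
<ossec_config>
  <!-- Send syscheck alerts (new or modified files) to VirusTotal for a hash lookup. -->
  <integration>
    <name>virustotal</name>
    <api_key>YOUR_VIRUSTOTAL_API_KEY</api_key> <!-- placeholder, never commit a real key -->
    <group>syscheck</group>
    <alert_format>json</alert_format>
  </integration>

  <!-- Command that runs the removal script on the agent. The script name is an
       assumption; it must exist under /var/ossec/active-response/bin/ on the agent. -->
  <command>
    <name>remove-threat</name>
    <executable>remove-threat.sh</executable>
    <timeout_allowed>no</timeout_allowed>
  </command>

  <!-- Fire the command only on a positive VirusTotal match, not on every file change.
       87105 is assumed to be the stock rule id for that alert; check your ruleset. -->
  <active-response>
    <disabled>no</disabled>
    <command>remove-threat</command>
    <location>local</location>
    <rules_id>87105</rules_id>
  </active-response>
</ossec_config>
```

Restart the agent and manager after editing (systemctl restart wazuh-agent and wazuh-manager), then drop the EICAR test file into the monitored directory to watch the FIM alert, the VirusTotal alert and the removal fire in sequence.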
✅ Student Assignment: Windows FIM Setup
To wrap up the session, I assigned a practical challenge: each student was to replicate the File Integrity Monitoring setup and VirusTotal integration—but this time on their Windows operating system. This not only ensured they could apply what they learned independently but also gave them the opportunity to explore platform-specific nuances.
Final Thoughts
This session showcased just a few of the powerful capabilities that Wazuh offers for security operations. From agent management and file monitoring to malware detection and real-time alerting, Wazuh provides a unified platform that’s both accessible and deeply customizable.
For students and professionals stepping into the world of cybersecurity and SIEM tools, hands-on experience like this is invaluable. I’m glad to have been able to guide them through this and look forward to seeing how they build on these skills in the future.