
Creating an Elasticsearch + Kibana SIEM


ELK-SIEM + Wazuh Deployment Guide

  • Creating an Elasticsearch + Kibana + Wazuh SIEM

These documents show how I set up my ELK-SIEM + Wazuh workstations. The process can take a while to complete, although some parts are just an import and you are done. The two installs run on two different devices that are similar in build but differ considerably in how you ingest data and install agents.


  • This process was set up on VMware ESXI 6.7.OU3B, and these machines run 24/7.
  • If you want to use that same hosting setup, this guide applies unchanged.

I am trying to keep this process simple and straight to the point, so that you can follow along and re-create the same setup that I have built.

Resource References:


What is Elasticsearch? https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-intro.html

What is Kibana? https://www.elastic.co/guide/en/kibana/current/introduction.html

What is Wazuh? https://documentation.wazuh.com/4.0/index.html


Required Software

  • Hosting Server Software

  • Ubuntu Server 18.04 & 20.04 LTS #Option 3 https://ubuntu.com/download/server

  • Which hypervisor you use is up to you; the process is the same either way.

  • You can use Linux or Windows for the base hypervisor install.



The two items below are optional. You will need physical hardware to install them.


Installation Guide ELK-SIEM Setup