Solutions

How to change the theme in WhatsApp

You can personalize the look of your WhatsApp conversations by changing the colors and the background of the chat bubbles. You have predefined themes available, as well as the option to set a new image as the background or to combine several variants.


Apple's new AI in Europe: iOS 18.4

Apple recently released iOS 18.4, which brings Apple Intelligence features to Europe as well, after they were initially available only in certain regions of the world. This update includes a number of advanced features, among them Image Playground, improvements to the Siri assistant, and integration with ChatGPT for detecting objects in photos.


How to integrate DFIR-IRIS with Wazuh

  1. Locate Customer ID. Access the DFIR-IRIS dashboard using an administrator account, then go to Advanced > Customers and choose the customer you wish to integrate. Record the Customer ID.

  2. Retrieve API Key. Get the API key for the current DFIR-IRIS user by clicking on the username and choosing My settings. Copy this API key and keep it safe for integrating the Wazuh server.

  3. Create and Configure the Integration Script

    • Create a script file named /var/ossec/integrations/custom-wazuh_iris.py and add the script to forward alerts to DFIR-IRIS.

    • Modify the script by setting the alert_source_link to the Wazuh dashboard IP address and the alert_customer_id to the ID of the customer as it appears on the DFIR-IRIS dashboard.

    • Set the ownership and permissions of the /var/ossec/integrations/custom-wazuh_iris.py file:

      chmod 750 /var/ossec/integrations/custom-wazuh_iris.py
      chown root:wazuh /var/ossec/integrations/custom-wazuh_iris.py

  4. Configure Wazuh. Add the following configuration to the /var/ossec/etc/ossec.conf file to send alerts to DFIR-IRIS:

    <ossec_config>
      <integration>
        <name>custom-wazuh_iris.py</name>
        <hook_url>https://<IRIS_IP_ADDRESS>/alerts/add</hook_url>
        <level>7</level>
        <api_key><IRIS_API_KEY></api_key>
        <alert_format>json</alert_format>
      </integration>
    </ossec_config>

    Make sure to replace <IRIS_IP_ADDRESS> with the actual IP address of your IRIS instance and <IRIS_API_KEY> with your IRIS API key. You can adjust the <level> to the desired threshold for alerts.

  5. Restart Wazuh Manager. Restart the Wazuh manager to apply the changes.

    service wazuh-manager restart
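
Step 3 refers to the forwarding script without showing it. The sketch below is an added example, not the script from the original page or from the Wazuh or DFIR-IRIS projects; it shows how an alert could be turned into the request sent to the hook_url from step 4. Assumptions: Wazuh passes the alert file path, the API key and the hook URL as the first three arguments, the API key is sent as a Bearer token, and the payload field names other than alert_source_link and alert_customer_id, the severity mapping and the sample alert are illustrative.

```python
# Added example: forward one Wazuh alert to DFIR-IRIS. Not the official script.
import json
import sys
import urllib.request

ALERT_SOURCE_LINK = "https://WAZUH_DASHBOARD_IP/app/wazuh"  # placeholder (step 3)
ALERT_CUSTOMER_ID = 1  # placeholder: Customer ID recorded in step 1

# Constructed sample alert, trimmed to the fields used below.
SAMPLE_ALERT = {"id": "1700000000.12345", "timestamp": "2025-01-01T10:00:00.000+0000",
                "rule": {"id": "5712", "level": 10, "description": "sshd: brute force"},
                "agent": {"name": "web-01"}}

def iris_severity(level):
    """Map a Wazuh rule level (0-15) to an IRIS severity id (assumed mapping)."""
    for upper, severity in ((5, 2), (7, 3), (10, 4), (13, 5)):
        if level < upper:
            return severity
    return 6

def build_payload(alert):
    """Build the JSON body; field names besides the two in step 3 are assumed."""
    rule, agent = alert.get("rule", {}), alert.get("agent", {})
    level = int(rule.get("level", 0))
    return {
        "alert_title": rule.get("description", "No description"),
        "alert_description": f"Rule {rule.get('id', 'N/A')} (level {level}) "
                             f"on agent {agent.get('name', 'N/A')}",
        "alert_source": "Wazuh",
        "alert_source_ref": alert.get("id", "unknown"),
        "alert_source_link": ALERT_SOURCE_LINK,
        "alert_severity_id": iris_severity(level),
        "alert_source_event_time": alert.get("timestamp", ""),
        "alert_customer_id": ALERT_CUSTOMER_ID,
        "alert_source_content": alert,
    }

def send(payload, hook_url, api_key):
    """POST to hook_url; urllib verifies the IRIS TLS certificate by default."""
    req = urllib.request.Request(
        hook_url, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    alert_path, api_key, hook_url = sys.argv[1:4]  # assumed argument order
    with open(alert_path) as fh:
        sys.exit(0 if send(build_payload(json.load(fh)), hook_url, api_key) < 300 else 1)
```

Because the API key reaches the script as a command-line argument and sits in ossec.conf in clear text, the 750 root:wazuh permissions from step 3 and restricted read access to ossec.conf are what keep it away from other local users.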

How to start implementing Wazuh

  1. Install the Wazuh server. The Wazuh server is the central component that collects and analyzes data from Wazuh agents. It consists of the Wazuh manager and Filebeat. The Wazuh manager analyzes data and triggers alerts, while Filebeat forwards alerts and archived events to the Wazuh indexer.

    • You’ll need root user privileges to run the commands.

    • Add the Wazuh repository:

      • For RPM-based systems (CentOS, Red Hat, etc.):

        rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
        echo -e '[wazuh]\ngpgcheck=1\ngpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH\nenabled=1\nname=EL-$releasever - Wazuh\nbaseurl=https://packages.wazuh.com/4.x/yum/\nprotect=1' | tee /etc/yum.repos.d/wazuh.repo

      • For Debian-based systems (Ubuntu, Debian, etc.):

        apt-get install gnupg apt-transport-https
        curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg
        echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list
        apt-get update

    • Install the Wazuh manager package using your system’s package manager.

    • Alternatively, use the Wazuh installation assistant:

      curl -sO https://packages.wazuh.com/4.11/wazuh-install.sh
      bash wazuh-install.sh --wazuh-server <node_name>

      Replace <node_name> with the name used in config.yml.

    • Disable Wazuh updates to prevent accidental upgrades by executing the following commands:

      • For RPM-based systems:

        sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

      • For Debian-based systems:

        sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list
        apt update

  2. Install the Wazuh indexer. The Wazuh indexer is a scalable full-text search engine that provides security, alerting, and performance analysis.

    • First, generate SSL certificates:

      curl -sO https://packages.wazuh.com/4.11/wazuh-certs-tool.sh
      curl -sO https://packages.wazuh.com/4.11/config.yml

    • Edit ./config.yml to replace node names and IPs.

    • Run the certificate tool:

      bash ./wazuh-certs-tool.sh -A

    • Compress the certificate files:

      tar -cvf ./wazuh-certificates.tar -C ./wazuh-certificates/ .
      rm -rf ./wazuh-certificates

    • Copy the wazuh-certificates.tar file to all nodes.

    • Install any missing package dependencies:

      • For RPM-based systems:

        yum install coreutils

      • For Debian-based systems:

        apt-get install debconf adduser procps

    • Add the Wazuh repository (see step 1).

    • Install the Wazuh indexer package.

  3. Install the Wazuh dashboard. The Wazuh dashboard provides a web interface for visualizing and managing your security data.

    • Install any missing packages:

      yum install libcap

    • Install the Wazuh dashboard package:

      yum -y install wazuh-dashboard

    • Configure the Wazuh dashboard by editing /etc/wazuh-dashboard/opensearch_dashboards.yml.

    • Deploy the certificates:

      NODE_NAME=wazuh-demo
      mkdir /etc/wazuh-dashboard/certs
      tar -xf ./wazuh-certificates.tar -C /etc/wazuh-dashboard/certs/ ./$NODE_NAME.pem ./$NODE_NAME-key.pem ./root-ca.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME.pem /etc/wazuh-dashboard/certs/dashboard.pem
      mv -n /etc/wazuh-dashboard/certs/$NODE_NAME-key.pem /etc/wazuh-dashboard/certs/dashboard-key.pem
      chmod 500 /etc/wazuh-dashboard/certs
      chmod 400 /etc/wazuh-dashboard/certs/*
      chown -R wazuh-dashboard:wazuh-dashboard /etc/wazuh-dashboard/certs
      ls -l /etc/wazuh-dashboard/certs/

    • Enable and start the Wazuh dashboard service:

      systemctl daemon-reload
      systemctl enable wazuh-dashboard --now

  4. Install and configure Wazuh agents. Deploy Wazuh agents to the endpoints you want to monitor. These agents collect data and send it to the Wazuh server for analysis.

  5. Access the Wazuh web UI. Open Kibana in your web browser and navigate to the Wazuh app to view dashboards and alerts.

After installing the Wazuh server and agents, you can monitor and manage your IT environment’s security, customize rules, analyze logs, and configure compliance policies.
