Mastering Wazuh: A Step-by-Step Guide to Configuring Email Alerts

Captions
Hey guys, welcome back to Unreal Labs. Today we're going to cover some Wazuh email alerting. Um, this isn't going to use an actual internet email server; I have Postfix installed, um, but it's going to replicate what you need to have for your email alerts. Um, yeah, so let's jump right in.

So I've got the Linux box open and up and running, and we're going to need to make some changes, um, to the ossec.conf file, and then we're going to adjust the alert level. I think the alert level is set at 12, but we're going to bring that down, um, that way, you know, we can do some testing alerts at like six. You probably want to keep it up at 10 or something, but, uh, if you need to do that, it's a good way to like just do some basic commands or some creating a user or failed login on the Wazuh server, um, to see if you're actually getting mail. Take a drink of some coffee there and let's get going.

So let's jump into root here, and let's actually, we're going to nano our, uh, I always forget that second one: var ossec etc ossec. All right, so we're going to open this file up here and then we're going to make some adjustments to some of these settings in here.

So like I said before, I have OSSEC install, or Postfix installed, so this Linux box does have a local email server. I'm just going to deliver mail to myself. Um, you could change Postfix to send mail to, you know, Outlook or Office 365 or a Gmail box or whatever you want to do. Uh, there'd be some other configurations and some SMTP authentication settings you'd need to tweak, but, um, that's a little bit outside the scope of the video, so we'll just keep this going.

So let's, uh, we need to do email notifications; we need to set that to yes. So let's go down in this config, we'll find email notifications, we're going to set that to yes. Um, and then on this SMTP server, that would be like, normally, you know, if you were sending it, uh, into, you know, an outside email relay or inside, you know, it could be SMTP, whatever that is for your, uh, email server. I'm going to use localhost because that's where my email server is. And we're going to do the from, so email from, we'll do, uh, wazuh alerts at localhost. It's not going anywhere. Um, and email to is going to be, just going to deliver it to root at localhost. And then emails, uh, max per hour, uh, 12 is fine, but you could adjust that if you want more, you want less. Um, especially if you have a really noisy SIEM, you might want to adjust that a little bit more down.

Um, let's look at some other stuff here. So another adjustment we probably want to make, since we're going to be testing, is this email alert level. Right now, currently it's set to 12, so if it's not a 12, it's not going to send an email alert. I'm going to bring that down to like five, just for, uh, right now, in a sense, just so we can do some testing and make sure we're getting email alerts. And then we will, uh, we will exit this, Control-X, yes, we'll save it. And then the next thing we're going to have to do is, we do need to, um, uh, restart the Wazuh manager. So we'll get that, and if this doesn't restart, then we've got some errors in that conf file. So just an FYI, if it doesn't restart for you, you probably have, uh, some kind of misconfiguration in that file.

All right, so that restarted. Um, I'm going to exit here real quick. Actually, let's go back, sorry. I know I have mail under this right now. Um, let's look at one. I think that was, yeah, that was just a minute ago, but let's fire off another one here just so we know it's working. So I'm just going to exit out all this, open back up command, and then I'm going to try to sudo into this box but with bad passwords, and we should get an alert not only on the Wazuh dashboard, but we should get an alert... I'll go back in here, log actually in correctly.

So on our Wazuh dashboard here, we should, you guys are seeing that here, let's go to alerts. Oh, I've got it filtered, sorry. Sometimes you get, I miss this where I've got it filtered on something. Uh, so yeah, we're on regular events and we should be able to see, yeah, three failed attempts to run sudo on agent, uh, ubuntu1, and that rule level was a 10, so that should have fired off an alert for us.

Let's go back to the box, um, and then hit mail. And we should, now if you had Outlook open you should get an Outlook email, something on your phone, but as you can see right there, this is a new one, um, that we have. So let's replay one and it should tell us, uh, what the alert was. Actually, excuse me, that wasn't it. All right, oh, 31, let's see here. What time is it? Yeah, there it was. Yeah, so it was the last one of that chain. Sorry, not super familiar with the mail command on Ubuntu; I don't really use it too much. So yeah, here's our mail message you would have normally got. So it went to root at localhost like we set up, uh, the email's from wazuh alerts at localhost, and then our notification is there's three failed attempts to run sudo, um, on that box. So we are getting emails.

So in a nutshell, that's it. That's a pretty simple little lab today, um, but I wanted you guys to be able to set that up for yourself in your own personal lab or at work, whatever you're using. Um, like I said, if you're going to send email to like an SMTP server that requires authentication, you're going to have to set up some kind of mail relay between Wazuh and your email provider so it can actually authenticate or at least send mail on your behalf. So just to caveat, you can do that here with Postfix, I just didn't. Um, I'm just using the internal mail system.

But, um, yeah, so I've got a couple other videos coming soon in the next couple days, and I really appreciate all the new subs that are coming on. Um, going to plan on doing some live streams soon. Um, haven't decided totally what show to do, but if you guys have some suggestions, want me to talk about something, um, or lab something, um, on a live stream, let me know. I take suggestions; we'll see what we can do. Anyways, appreciate you guys and, uh, have a good day.
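
Added example, not part of the video or of Wazuh itself: a small Python check that reads the email settings the walkthrough edits in ossec.conf and reports whether an alert of a given rule level would be mailed. The sample config is constructed to mirror the values described (the exact from-address spelling is an assumption), and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the settings described in the video.
# The from-address spelling is an assumption.
SAMPLE_OSSEC_CONF = """
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>localhost</smtp_server>
    <email_from>wazuh-alerts@localhost</email_from>
    <email_to>root@localhost</email_to>
    <email_maxperhour>12</email_maxperhour>
  </global>
  <alerts>
    <log_alert_level>3</log_alert_level>
    <email_alert_level>5</email_alert_level>
  </alerts>
</ossec_config>
"""

REQUIRED = ("smtp_server", "email_from", "email_to")
OPTIONAL = ("email_notification", "email_maxperhour", "email_alert_level")

def load_email_settings(conf_text):
    """Collect the email-related options; the last occurrence of a tag wins."""
    # ossec.conf may hold several <ossec_config> blocks, so wrap them in one root.
    root = ET.fromstring("<root>" + conf_text + "</root>")
    settings = {}
    for tag in REQUIRED + OPTIONAL:
        nodes = root.findall(".//" + tag)
        if nodes and nodes[-1].text:
            settings[tag] = nodes[-1].text.strip()
    return settings

def check_email_alerting(conf_text, rule_level):
    """Return (will_email, problems) for an alert of the given rule level."""
    s = load_email_settings(conf_text)
    problems = []
    if s.get("email_notification", "no").lower() != "yes":
        problems.append("email_notification is not 'yes'")
    problems += [f"missing <{t}>" for t in REQUIRED if t not in s]
    # 12 is Wazuh's default threshold and the value the video starts from.
    threshold = int(s.get("email_alert_level", 12))
    if rule_level < threshold:
        problems.append(f"rule level {rule_level} is below email_alert_level {threshold}")
    return (not problems, problems)
```

With the threshold lowered to 5, the level-10 failed-sudo alert from the demo passes the check; with the threshold left at 12 it would be logged but not mailed.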
Info
Channel: Unreal Labs
Views: 7,257
Keywords: Wazuh, SIEM, Security, Installing Wazuh server, installing wazuh on linux, how to install Wazuh, Log management, Networking, network, network security, Cybersecurity training, Training, network training, ccna security, ccna, unreal labs, unreal-labs, IDS, Intrustions, Intrusion monitoring, Security for your network, Opensource, open source software, labbing, VMWare, Cloning a VM in VMWare Workstation, gns3, wazuh email alerts, configuring wazuh email alerts, Wazuh email, Alerts
Id: dSHJ_u02qGc
Length: 8min 35sec (515 seconds)
Published: Tue Oct 17 2023