Deploying a SIEM can seem like a daunting task, but there are programs that make it super easy to set up and deploy. Whether you are using it for a HomeLab or in a commercial environment, you can have it up and running in no time at all. Regardless of the environment where it is deployed, it will tell a story. It will show you things that you’ve overlooked in regard to your security posture. It will also open your eyes to configuration options, show you how to make your devices compliant with various standards, and even monitor for threats in real time.
This is Wazuh. There are two ways to set up and deploy it: in the cloud or on premises. I made the choice to set this up on premises. I have wanted to keep things in house and as local as possible. It is compatible with compliance standards such as PCI DSS, GDPR, HIPAA, TSC, and NIST 800-53.
To install, follow this guide to install all the components of Wazuh. They have various install methods. I chose to install this through Docker. With the popularity that Docker has, I decided to go this route so that I can keep it contained even further.