• Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.
  • To communicate with Wazuh and send logs, a Wazuh agent must be installed on each endpoint device; the agent creates the connection to the server and sends the logs.
  • First, log in to the Wazuh GUI and click the Wazuh icon drop-down box, then click Agents.



    Agents


  • On the Agents window that loads, click the (+) Deploy new agent link.


    Deploy new Agents


  • On the new window that appears, select the options for the Windows agent:
    a) Operating System - Windows
    b) Version - Windows 7+
    c) Architecture - i386/x86_64 (for our instance)
    d) Wazuh Server Address - input IP or FQDN of Wazuh server
    e) Agent Name - optional but recommended for easy device identification
  • Once all of this has been filled in, copy the command that Wazuh provides and run it in PowerShell as an Administrator.


    Command to Install Agent

  • Finally, once the agent is installed, run the next command provided to start the Wazuh agent:


    Start Agents

  • Once this is done, click the Wazuh icon drop-down box, then click Agents, and wait for the endpoint to make a connection with the Wazuh server.


    Agent Installed

  • The agent now appears on the Agents dashboard as Active once the connection is made.
  • Repeat this process for each device you want to onboard and monitor in Wazuh.
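
The connection can also be checked from the endpoint itself rather than only from the dashboard. The following PowerShell is an added example, not part of the original guide or of Wazuh's own tooling; it assumes the default service name `WazuhSvc`, the default install directory, the default agent port 1514/TCP, and a placeholder server address.

```powershell
# Added example: post-install check for a Windows Wazuh agent.
# Assumptions: default service name (WazuhSvc), default install directory,
# and the default agent-to-server port 1514/TCP. Adjust if yours differ.
function Test-WazuhAgentConnection {
    param(
        [Parameter(Mandatory)] [string] $Manager,   # IP or FQDN entered in option d)
        [int] $Port = 1514,
        [string] $AgentDir = "${env:ProgramFiles(x86)}\ossec-agent"
    )

    # 1. The agent service must exist and be running.
    $svc = Get-Service -Name 'WazuhSvc' -ErrorAction SilentlyContinue

    # 2. The endpoint must be able to reach the server on the agent port.
    $tcp = Test-NetConnection -ComputerName $Manager -Port $Port -WarningAction SilentlyContinue

    # 3. The agent records its own view of the connection in wazuh-agent.state
    #    as key='value' lines; status is pending, connected or disconnected.
    $state = @{}
    $stateFile = Join-Path $AgentDir 'wazuh-agent.state'
    if (Test-Path $stateFile) {
        foreach ($line in Get-Content $stateFile) {
            if ($line -match "^(\w+)='(.*)'$") { $state[$Matches[1]] = $Matches[2] }
        }
    }

    [pscustomobject]@{
        ServiceStatus    = if ($svc) { $svc.Status } else { 'NotInstalled' }
        ManagerReachable = $tcp.TcpTestSucceeded
        AgentStatus      = if ($state.ContainsKey('status')) { $state['status'] } else { 'unknown' }
        LastKeepAlive    = $state['last_keepalive']
        LastAck          = $state['last_ack']
    }
}

# Placeholder address: replace with the Wazuh server address used during deployment.
Test-WazuhAgentConnection -Manager 'wazuh.example.internal'
```

A running service with `ManagerReachable` false points to a firewall or address problem; a reachable server with `AgentStatus` stuck at `pending` points to enrollment rather than networking.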

