Wazuh agent Configuration

How to configure the Wazuh agent and start the services:

About Wazuh:

Wazuh is an open-source security monitoring platform that enables businesses to quickly identify and address security risks and incidents. It was created to offer features for security information and event management (SIEM), intrusion detection, and vulnerability detection.

Step 1: Log in to the Wazuh server. (To configure the Wazuh server on a Linux machine, refer to the URL below.)

https://documentation.wazuh.com/current/installation-guide/wazuh-server/step-by-step.html

Step 2: Once signed in, click Deploy Agent, choose the OS, and provide the agent name.

Step 3: Type the server address (192.168.xx.x).

Step 4: In the optional settings, give the agent name you wish to see in the Wazuh dashboard (here, PC0001).

Step 5: Once you have provided this information, use the PowerShell command below to install and enroll the Wazuh agent.

Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.4.5-1.msi -OutFile ${env:tmp}\wazuh-agent.msi; msiexec.exe /i ${env:tmp}\wazuh-agent.msi /q WAZUH_MANAGER='192.168.xxx.xx' WAZUH_REGISTRATION_SERVER='192.168.xxx.xx' WAZUH_AGENT_GROUP='default' WAZUH_AGENT_NAME='PC0001' 

Step 6: Paste and execute this command in a PowerShell session running as administrator.

Step 7: Start the agent service by running:

NET START WazuhSvc

Step 8: Restart the PC and refresh the Wazuh server. The PC0001 agent should now be shown.

Step 9: If not, open C:\Program Files (x86)\ossec-agent\win32ui.exe to see whether the agent is running or stopped.

If it is stopped, check whether the authentication key is empty; if it is, import it by using the PowerShell command below (replace 192.168.xx.x with the server IP).

& 'C:\Program Files (x86)\ossec-agent\agent-auth.exe' -m 192.168.xx.x

This command imports the key.

Step 10: To enable the service, click Manage and choose Start.
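
Steps 5 to 9 as one script, with a signature check on the downloaded MSI before it is installed. This is an added example, not code from the original page or from the Wazuh project. It assumes the signer substring in $ExpectedSigner (confirm it against your package), the client.keys file in the agent directory, and the agent-auth -A option to keep the agent name consistent.

```powershell
#Requires -RunAsAdministrator
# Added example: replace the placeholder values before running.
$Manager        = '192.168.xx.x'   # Wazuh server address (placeholder, as on the page)
$AgentName      = 'PC0001'         # must not contain spaces in this sketch
$MsiUrl         = 'https://packages.wazuh.com/4.x/windows/wazuh-agent-4.4.5-1.msi'
$MsiPath        = Join-Path $env:TEMP 'wazuh-agent.msi'
$AgentDir       = 'C:\Program Files (x86)\ossec-agent'
$ExpectedSigner = 'Wazuh'          # assumption: substring expected in the signer subject
$ErrorActionPreference = 'Stop'

# Step 5: download, then refuse to install an MSI whose Authenticode
# signature is missing, broken, or from an unexpected signer.
Invoke-WebRequest -Uri $MsiUrl -OutFile $MsiPath
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid' -or
    $sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    Remove-Item $MsiPath -Force
    throw "MSI signature check failed: status=$($sig.Status)"
}

# Silent install; -Wait makes the exit code available before continuing.
$msiArgs = @('/i', "`"$MsiPath`"", '/q',
             "WAZUH_MANAGER=$Manager", "WAZUH_REGISTRATION_SERVER=$Manager",
             'WAZUH_AGENT_GROUP=default', "WAZUH_AGENT_NAME=$AgentName")
$p = Start-Process msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($p.ExitCode -notin 0, 3010) {   # 3010 = success, reboot required
    throw "msiexec exited with code $($p.ExitCode)"
}

# Step 9: a missing or empty client.keys means enrollment did not happen,
# so request a key from the manager with agent-auth.
$keys = Join-Path $AgentDir 'client.keys'
if (-not (Test-Path $keys) -or (Get-Item $keys).Length -eq 0) {
    & (Join-Path $AgentDir 'agent-auth.exe') -m $Manager -A $AgentName
    if ($LASTEXITCODE -ne 0) { throw "agent-auth failed with exit code $LASTEXITCODE" }
}

# Step 7: start (or restart) the service and report its state.
Restart-Service -Name WazuhSvc
(Get-Service -Name WazuhSvc).Status
```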

Remove the added agent:

Use the following command in the Wazuh server terminal to remove the added agent.

sudo /var/ossec/bin/manage_agents

To delete the Wazuh agent from the server, select the ID of the agent you want to remove.

Note: If any modifications have been made, make sure to restart the services.

sudo systemctl restart wazuh-manager

Registered Office

CHG IT CONSULTANCY PVT LTD

STPI Technology Incubation Centre,
2nd Floor, No.5, Rajiv Gandhi Salai,
Taramani, Chennai – 600113,
Tamil Nadu, INDIA

Parent Office

CIC Corporation

2-16-4 Dogenzaka, Shibuya-ku,
Nomura Real Estate,
Shibuya Dogenzaka Building,
Tokyo 150-0043, JAPAN

+81 03-3496-1571

About Us

CHG IT Consultancy Pvt. Ltd. is a subsidiary of CIC Holdings Co. Ltd. Japan. Our company is focused on IT related solutions to reap the benefits of global popularity of Software Industry.
