
console.log("Wazuh SIEM Lab");


This project will continue to be updated with new guides and tutorials. To get updates, connect with me on LinkedIn, where I will post when I add new content. Also connect with me there to let me know what you think of the project or anything you would like to see added or changed.

Summary:
This tutorial guides you through setting up a comprehensive cybersecurity lab using VMware Workstation Pro. You will create virtual machines (VMs) for pfSense (a firewall/router), Wazuh (a SIEM solution), and Ubuntu (a client machine). This setup provides a controlled, functional environment for testing, monitoring, and learning about network security. By the end, you'll have a networked environment to simulate attacks, monitor responses, and explore cybersecurity tools.

Install VMware Workstation Pro
1. Visit Broadcom's Homepage.
2. Click on Support Portal in the top right corner and log in (create an account if needed).
3. After logging in, click the dropdown next to your name and select VMware Cloud Foundation.
4. In the left sidebar, click My Downloads.
5. Find VMware Workstation Pro from the product list.
6. Select the most recent version for personal use.
7. Click Download, complete the verification steps, and download the installer.
8. Run the downloaded .exe file to begin the installation.
9. During setup, choose "Run for personal use."

Create pfSense VM
1. Go to the pfSense download page.
2. Create an account, add the pfSense ISO for personal use to your cart, and proceed to checkout.
3. Download the ISO file from the link provided in the confirmation email and unzip it.
4. In VMware Workstation Pro, click Create a New Virtual Machine.
5. Choose "Typical" setup and select the downloaded pfSense ISO.
6. On the final setup screen, click Customize Hardware:
   o Set Processors to 2 cores.
   o Set Memory to 4 GB (or as close as possible if resources are limited).
   o Configure Network Adapters:
      ▪ Set the first adapter to "Bridged" or "NAT."
      ▪ Add a second adapter connected to a custom LAN network (e.g., named GREEN).
7. Complete the VM creation and power it on.
8. Follow the on-screen instructions to install pfSense with default settings.
9. Reboot the VM after installation.
10. On the pfSense console, select Option 2 to configure the LAN interface:
   o Assign a Class C IP address (e.g., 192.168.1.1).
   o Enable DHCP for IPv6.
   o Do not enable HTTP for the web configurator; use HTTPS for security.

Create Ubuntu VM for Wazuh
1. Repeat the VM creation steps, but this time use the Ubuntu Desktop ISO from Ubuntu's website.
2. Ensure the network adapter is connected to the internal network (GREEN).
3. Complete the Ubuntu installation.
4. Verify the internet connection by opening Firefox and visiting a website or by pinging an external IP (e.g., ping 1.1.1.1).
5. Go to Wazuh’s website and follow the Quickstart Guide in their documentation to install Wazuh. The guide is detailed and user-friendly.
6. After installation, log into the Wazuh web interface using the credentials created during setup.

Create an Additional Ubuntu VM as a User Machine
1. Create another Ubuntu VM following the same steps as above.
2. Connect the VM to the internal network (GREEN).
3. Complete the Ubuntu installation.
4. This VM will serve as a user machine for testing purposes.

Install Wazuh Agent on the User Machine
1. Log in to the Wazuh server’s web interface.
2. Navigate to Server Management > Endpoints Summary.
3. Follow the instructions provided to install a new agent on the Ubuntu client machine.
4. Use the commands and scripts provided to register and configure the agent properly.
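
One way to confirm that the agent from the steps above actually enrolled, as an added example that is not part of the original tutorial or Wazuh's own tooling: it reads the agent's configuration and state files (the default Linux install paths are an assumption) and checks that the agent points at your Wazuh VM and reports "connected". The sample files and the address 192.168.1.10 are constructed for illustration.

```shell
# Added example: verify a Wazuh agent's enrollment from its local files.
# Assumed default Linux agent paths (not stated on the page):
#   /var/ossec/etc/ossec.conf and /var/ossec/var/run/wazuh-agentd.state

# Print the manager address configured in ossec.conf (<client><server><address>).
manager_address() {
    sed -n 's:.*<address>\(.*\)</address>.*:\1:p' "$1" | head -n 1
}

# Print one key='value' field from wazuh-agentd.state, e.g. status or last_ack.
state_field() {
    sed -n "s/^$2='\(.*\)'\$/\1/p" "$1" | head -n 1
}

# check_agent CONF STATE EXPECTED_MANAGER: prints a verdict and returns 0 only
# when the agent points at the expected manager and reports "connected".
check_agent() {
    ca_addr=$(manager_address "$1")
    ca_status=$(state_field "$2" status)
    if [ "$ca_addr" != "$3" ]; then
        echo "FAIL: agent reports to '${ca_addr:-none}', expected '$3'"; return 1
    fi
    if [ "$ca_status" != "connected" ]; then
        echo "FAIL: status '${ca_status:-unknown}', last_ack '$(state_field "$2" last_ack)'"; return 2
    fi
    echo "OK: connected to $ca_addr, last keepalive $(state_field "$2" last_keepalive)"
}

# Constructed sample files so the example runs without an installed agent.
# 192.168.1.10 is a made-up address for the Wazuh VM on the GREEN network.
demo=$(mktemp -d)
cat > "$demo/ossec.conf" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>192.168.1.10</address>
      <port>1514</port>
    </server>
  </client>
</ossec_config>
EOF
cat > "$demo/agent.state" <<'EOF'
# State file for wazuh-agentd
status='connected'
last_keepalive='2024-05-13 14:32:16'
last_ack='2024-05-13 14:32:18'
EOF
check_agent "$demo/ossec.conf" "$demo/agent.state" 192.168.1.10
```

On the user machine, call check_agent as root with the two real file paths and the IP address your Wazuh VM received on the GREEN network. A status of "pending" or "disconnected" usually means the agent cannot reach the manager, so check the address in ossec.conf and the network adapter assignment first.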

Optimize VM Tools for Better Usability
1. To improve VM performance and enable copy-paste between your host and VMs, run the following command on each Ubuntu VM:

sudo apt-get install open-vm-tools-desktop -y

2. Restart each VM after installation to apply changes.

Final Notes and Customization
• Congratulations! You now have a functional lab with pfSense as a firewall/router, a Wazuh SIEM server, and a client machine with a Wazuh agent installed.
• You can add more VMs with different operating systems (e.g., other Linux distributions, Windows, or macOS) to simulate various environments and expand your testing capabilities.
• This setup allows you to explore network security monitoring, incident response, and other cybersecurity practices in a safe and controlled environment.

By following these steps, you’ll have a robust lab environment for learning and experimenting with cybersecurity tools and concepts.
