Entware Wazuh! Opensource XDR and SIEM protection.

DJones

Very Senior Member
So I just recently discovered Wazuh, a free open-source XDR and SIEM protection platform, with additional modules that can use things like Suricata IDS to additionally log and use. And it's honestly pretty awesome, and I would love to run the agent on my router, as the Wazuh server runs on my Proxmox server. It can monitor all your clients (except mobile devices, unless Linux-based).


So I was wondering if anyone's managed to get this agent working on an Asus router? Probably completely unnecessary, but it would be interesting. There is no Entware maintainer for it, I believe.



Documentation: https://documentation.wazuh.com/cur...de/wazuh-agent/wazuh-agent-package-linux.html



Website:

YouTuber explaining wazuh:
 
I have a similar setup (at least the Wazuh server on Proxmox part) with FreshTomato firmware on my old Netgear router (apologies if this reply is not Asus-centric enough). If there was a way to get the Wazuh agent installed through Entware, that would work well for people like me as well.

Until then, I'm going to attempt to get syslog working from the router to the Wazuh server.

If anyone has done an Asuswrt/OpenWrt/DD-WRT/FreshTomato/etc. to Wazuh syslog setup, and they learned something helpful - I'm sure a few of us would be interested in hearing how you did it.
 
