
Posted by LorenDB 10/28/2024

Wazuh – Open-source security platform (wazuh.com)
110 points | 59 comments | page 2
RecycledEle 11/1/2024|
As a teacher, I love explaining how professional most IT security software is. I go over several acronyms for various software packages.

Then I ask the class to guess at where Wazuh's name came from.

It's not a concept from The Art of War in the original Chinese.

It's not an ancient Samurai motto.

It's from "Up you wazuh"

ris 10/31/2024||
Just Say No to "endpoint security"
bigblackrooster 10/30/2024||
What is the good alternative to this? McAfee? AVAST? Kaspersky?
ris 10/31/2024|
Nothing?
jaderobbins1 10/30/2024||
Can some folks in the cybersecurity arena recommend some good email newsletters, websites, blogs, accounts, etc to follow to keep up in the space?
ziddoap 10/30/2024||
Any specific areas of interest?

Some mailing lists at [1], like oss-security & kernel-hardening. CISA (Cybersecurity and Infrastructure Security Agency) [2] has a few different areas they report on. Mozilla has the dev-security-policy mailing list for all things PKI (public key infrastructure) [3], and a few other lists as well. There's the Full Disclosure [4] mailing list for vulnerabilities/exploits, etc. Quite a few others at [5], though sadly many are no longer active.

[1] https://openwall.com/lists/

[2] https://www.cisa.gov/about/contact-us/subscribe-updates-cisa

[3] https://groups.google.com/a/mozilla.org/g/dev-security-polic...

[4] https://seclists.org/fulldisclosure/

[5] https://seclists.org/

alligatorplum 10/30/2024|||
I have slowly been aggregating various blogs in the cybersec realm at https://securityblogs.xyz/

I add new blogs as I run into them on twitter/reddit/HN/etc

lormayna 10/30/2024||
Do you have an OPML feed for that?
alligatorplum 10/30/2024||
I do not, but I can add that later today.
lormayna 10/30/2024||
That would be great :)
alligatorplum 10/30/2024||
Done. Give it a try!
lormayna 10/31/2024||
It works! Thank you :)
xnorswap 10/30/2024|||
I'm not in cyber but "Risky Business" ( https://risky.biz/ ) is a good podcast to keep up to date.

They always have a lot of outgoing links in their show-notes that should get you started with the rest.

danfoxley 10/31/2024|||
Podcast https://isc.sans.edu/podcast.html
Carbonade 10/30/2024|||
This blog is nice https://blog.badsectorlabs.com/
InfoSecErik 10/30/2024|||
https://tldrsec.com/
Sytten 10/30/2024||
You have different areas of security. Sadly our space is full of grifters and wannabe security "experts". For a very technical security podcast I recommend Critical Thinking Bug Bounty [1].

[1] https://www.criticalthinkingpodcast.io/

dengolius 11/1/2024||
What about adding compatibility with VictoriaLogs instead of using Elasticsearch/OpenSearch?
stevenAthompson 10/30/2024|
When I see a project of this complexity advertise itself as "open source" these days my first thought is the rug pull. Will this STAY free, or turn into an eventual cash grab once it's insinuated itself so deeply into your environment that it would be hard to replace?
KetoManx64 10/30/2024||
Well, your other choice is you pay for a non open source SIEM that's $10 per endpoint per month and cross your fingers that they don't do a rugpull and start charging you $20 after it's insinuated itself into your environment and is hard to replace.

With an Open Source project you at least have the possibility that if it has enough users and companies using it then someone will fork the code if the company ever makes it closed source and keep the project going.

mapontosevenths 10/30/2024||
The increase from $10 to $20 is 100%. The increase from $0 to $10 is infinity%, but I take your point.

I'm probably just still a little bitter about the recent Bitwarden open source rugpull.

pphysch 10/30/2024||
My first thought isn't the "rug pull" but rather that the real product being produced by the "FOSS company", from the get go, is the expensive support contracts.

Two different business models:

- Sell a great+differentiated product, support is ~free and rarely needed

- Give away a terrible product (usually an over-engineered CRUD), constant $upport is required to use it effectively