Surely you have heard of Wazuh. Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. For details, visit https://wazuh.com/ . The target of this post is to deploy all Wazuh services on a single server super fast, so that without much effort you can deploy the Wazuh agent on your test systems and try Wazuh.
So, let's start by installing the dependencies on a freshly deployed Ubuntu instance.
sudo apt update && sudo apt install curl apt-transport-https unzip wget libcap2-bin software-properties-common lsb-release gnupg2
The plan is to deploy everything for Wazuh on one server, as per the following diagram.
So, let's start. Deploy Wazuh 4.5.x as an all-in-one system:
curl -sO https://packages.wazuh.com/4.5/wazuh-install.sh && chmod 744 wazuh-install.sh && bash ./wazuh-install.sh -a
And you are done. Once the install completes, it will show you the URL to access the dashboard along with the username and password.
Inside the dashboard, you will find an option to add an agent, which will give you the command line to add the agent on your endpoint. For Ubuntu 15.x endpoints, add the agent using the following command (just change the [Your Wazuh Server Address Here] part). It will not only enable the Wazuh agent, it will also configure your Wazuh agent for active response.
curl -so wazuh-agent.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.4.1-1_amd64.deb && sudo WAZUH_MANAGER='[YOUR WAZUH SERVER ADDRESS HERE]' dpkg -i ./wazuh-agent.deb && echo "wazuh_command.remote_commands=1" | sudo tee -a /var/ossec/etc/local_internal_options.conf && sudo systemctl daemon-reload && sudo systemctl enable wazuh-agent && sudo systemctl start wazuh-agent
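Two things worth checking after that one-liner: the `echo ... >>` appends a second `wazuh_command.remote_commands=1` line every time you re-run it, and the setting itself lets the manager run commands on the endpoint, so it should be set deliberately and be easy to audit. The helper below is an added example, not part of the original post or of Wazuh: it sets the option idempotently and reads the agent's connection status from its state file (the /var/ossec paths are the real Wazuh 4.x locations; the `status='...'` line format is the one wazuh-agentd writes).

```shell
#!/bin/sh
# Added example (not from the post): idempotent internal-option editing and
# an agent connectivity check for a freshly enrolled Wazuh agent.
set -eu

# set_internal_option FILE KEY VALUE
# Rewrites an existing KEY=... line, otherwise appends one. Safe to re-run.
set_internal_option() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || : > "$file"
    if grep -q "^${key}=" "$file"; then
        # '|' as sed delimiter because option keys contain '.'
        sed -i "s|^${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# count_option FILE KEY -> how many lines define KEY (expect exactly 1)
count_option() {
    grep -c "^${2}=" "$1" || true
}

# agent_status STATEFILE -> the value of the status='...' line, e.g. "connected"
# Wazuh 4.x writes this file to /var/ossec/var/run/wazuh-agentd.state
agent_status() {
    sed -n "s/^status='\([^']*\)'.*/\1/p" "$1"
}

# Only touches the live agent when invoked as: sudo sh this.sh apply
if [ "${1:-}" = "apply" ]; then
    conf=/var/ossec/etc/local_internal_options.conf
    set_internal_option "$conf" wazuh_command.remote_commands 1
    echo "remote_commands lines in $conf: $(count_option "$conf" wazuh_command.remote_commands)"
    systemctl restart wazuh-agent
    sleep 5
    echo "agent status: $(agent_status /var/ossec/var/run/wazuh-agentd.state)"
fi
```

Run with `apply` as root on the endpoint; without the argument the script only defines the functions.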