💻 Prerequisites

To set up our lab, we need to meet some prerequisites. If you are planning to set up this lab on your own computer, you must have at least 16GB of RAM and 100GB of disk space.

In this demo I will set up the entire lab on my laptop. If you are using Apple silicon, you can use a cloud option; otherwise you will face some difficulties.

You can try VMware Fusion or Parallels.

I have already installed Oracle VM VirtualBox on my laptop. For this lab setup we need:

  1. Ubuntu VM

  2. Windows 10 or 11 VM

You can download the above images from the links below.

Download Ubuntu
Download Windows 11

I have already installed Ubuntu on the Oracle VM box.

Installing Ubuntu

I have also installed the Windows 10 VM for this lab.

Installing Windows 10

For the Windows 10 VM, we have to download and install Sysmon.

Download Sysmon

We also need to download the Sysmon config file from GitHub.

Sysmon Config file

Install Sysmon in the Windows 10 VM along with the configuration file downloaded above.

.\Sysmon64.exe -i .\sysmonconfig.xml
Install Sysmon

After installing Sysmon, you can check for the Sysmon log in the Windows Event Viewer.

Event Viewer -> Applications and Services Logs -> Microsoft -> Windows -> Sysmon

Sysmon in Windows Event Viewer
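
The same check can be scripted. The following is an added example, not part of the original walkthrough: it confirms the service is running, the event channel is enabled, and a test process actually produces an Event ID 1 record. It assumes Sysmon was installed with Sysmon64.exe (service name Sysmon64) and that the loaded config file does not exclude whoami.exe from process-creation logging.

```powershell
# Added example: confirm Sysmon is installed and logging.
# Run from an elevated PowerShell prompt inside the Windows 10 VM.
$ErrorActionPreference = 'Stop'
$logName = 'Microsoft-Windows-Sysmon/Operational'

# 1. Installing with Sysmon64.exe registers a service named "Sysmon64".
$svc = Get-Service -Name 'Sysmon64'
if ($svc.Status -ne 'Running') {
    throw "Sysmon64 service is $($svc.Status), expected Running"
}

# 2. The event channel must exist and be enabled.
$log = Get-WinEvent -ListLog $logName
if (-not $log.IsEnabled) { throw "$logName is disabled" }
"Channel enabled, $($log.RecordCount) records"

# 3. Generate a known process creation and look for its Event ID 1.
#    Assumption: the loaded config does not exclude whoami.exe.
$start = Get-Date
& "$env:SystemRoot\System32\whoami.exe" | Out-Null
Start-Sleep -Seconds 3   # give the event time to be written

$filter = @{ LogName = $logName; Id = 1; StartTime = $start }
$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # Sysmon stores its fields as named <Data> elements in the event XML.
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object Name -eq 'Image').'#text' -like '*\whoami.exe'
    }

if (@($hits).Count -gt 0) {
    "Process creation for whoami.exe was logged (Event ID 1)"
} else {
    Write-Warning "No Event ID 1 for whoami.exe; check the config's ProcessCreate rules"
}

# 4. Summarise which event IDs the config is producing in recent activity.
Get-WinEvent -LogName $logName -MaxEvents 500 |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A summary that shows only one or two event IDs usually means the config file was not applied at install time.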

After successfully completing all of the above steps, we will start to install Wazuh.

You have to configure the network connectivity between these two VMs. I have added both VMs to an internal network called soc and used the same subnet.
