Share
## https://sploitus.com/exploit?id=F60EDCA1-3AA0-58CC-8AFA-A4BA4188AE01
# πŸ›‘οΈ Wazuh Deployment & Vulnerability Monitoring PoC

## Overview

This Proof of Concept (PoC) demonstrates the deployment of a fresh Wazuh Manager instance, onboarding a new endpoint as a Wazuh Agent, and leveraging Wazuh's built-in vulnerability detection capabilities to identify security issues present on the monitored system.

The objective was to establish centralized security monitoring, verify agent communication, and review vulnerability insights generated by the platform.

---

# Step 1: Deploying the Wazuh Manager

For this setup, the Wazuh Manager was deployed on a Kali Linux machine (Debian-based).

Run the following command:

```bash
curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh && bash ./wazuh-install.sh -a
```

This automated installation script deploys the complete Wazuh stack, including the manager, indexer, and dashboard components, making the environment operational with minimal manual configuration.

Once the installation completes:

* Open the Wazuh Dashboard using the displayed IP address.
* Save the generated username and password for future access.

In some environments, firewall rules may prevent access to the dashboard. If required, allow HTTP and HTTPS traffic:

```bash
ufw allow 443/tcp
ufw allow 80/tcp
```

---

# Step 2: Deploying a New Agent

To begin monitoring an endpoint, navigate to **Agents β†’ Deploy New Agent** in the Wazuh Dashboard and configure the deployment settings according to your target system.

In this demonstration, the monitored endpoint is another Kali Linux machine using the **DEB ARM64** package format.

![1](W/1.png)

After selecting the appropriate options, Wazuh automatically generates an installation command customized for the endpoint.

The generated command contains:

* The Wazuh Manager IP address
* The agent name
* The correct installation package for the selected operating system

Example:

```bash
wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.14.5-1_arm64.deb && sudo WAZUH_MANAGER='192.168.136.130' WAZUH_AGENT_NAME='NewAgent' dpkg -i ./wazuh-agent_4.14.5-1_arm64.deb
```

The `WAZUH_MANAGER` variable tells the agent where to send logs and security events, while `WAZUH_AGENT_NAME` identifies the endpoint within the Wazuh dashboard.

![2](W/2.png)

---

# Step 3: Starting the Agent Service

Once the package installation is complete, enable and start the Wazuh Agent service.

```bash
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```

These commands:

* Reload systemd configurations
* Enable the service at boot
* Start the agent immediately

After a few moments, the endpoint should successfully register with the manager.

---

# Step 4: Verifying Agent Connectivity

If everything is configured correctly, the new agent will appear as **Active** in the Wazuh Dashboard.

This confirms that:

* Agent registration succeeded
* Communication with the manager is functioning
* Security telemetry is being collected and processed

![3](W/3.png)

---

# Step 5: Reviewing Vulnerability Detection Results

One of Wazuh's most useful capabilities is its built-in vulnerability detection engine. It continuously compares installed software against known CVE databases and generates alerts when vulnerable packages are detected.

For this test system, the results were surprisingly clean:

πŸ—Ώ Only **1 High** and **1 Medium** severity vulnerability were identified.

![4](W/4.png)

The dashboard provides a quick overview of detected vulnerabilities, severity distribution, and affected assets.

---

# Step 6: Exploring the Security Dashboard

The dashboard offers a centralized view of:

* Security alerts
* Vulnerability findings
* Agent health
* Compliance information
* Threat monitoring statistics

This provides a high-level understanding of the current security posture of the monitored environment.

![5](W/5.png)

---

# Step 7: Investigating Vulnerable Packages

The Inventory section provides detailed information regarding detected vulnerabilities and the affected software packages.

For this endpoint, Wazuh identified:

* CVE-2025-68616 affecting **weasyprint**
* CVE-2026-40606 affecting **mitmproxy**

The inventory view makes it easy to identify vulnerable components and prioritize remediation activities.

Fixing them can wait for another day. 😎

![6](W/6.png)

---

# Conclusion

This PoC successfully demonstrated:

βœ… Deployment of a fresh Wazuh Manager

βœ… Agent onboarding and registration

βœ… Endpoint monitoring

βœ… Vulnerability detection and inventory analysis

βœ… Dashboard-based security visibility

Wazuh provides a powerful open-source platform for security monitoring, vulnerability management, compliance tracking, and threat detection, making it an excellent choice for both homelabs and enterprise environments.

---

## Final Thoughts

This PoC demonstrates how quickly Wazuh can be deployed to establish centralized security visibility across endpoints. From agent onboarding and asset inventory collection to automated vulnerability detection, Wazuh provides a powerful open-source platform for monitoring and improving an organization's security posture.

Although this walkthrough focuses on a simple lab environment, the same workflow scales directly into enterprise environments where security teams continuously monitor assets, investigate alerts, track vulnerabilities, and maintain compliance requirements.

Developing hands-on experience with platforms like Wazuh is valuable for anyone interested in:

* SOC Analysis
* Security Engineering
* Threat Hunting
* Vulnerability Management
* Security Monitoring
* Incident Response

As environments grow, having centralized visibility into systems and vulnerabilities becomes increasingly importantβ€”and Wazuh helps bridge that gap effectively.

---

## πŸ‘‹ Outro

If this walkthrough helped you, feel free to connect with me:

**GitHub:** https://github.com/AdityaBhatt3010

**LinkedIn:** https://www.linkedin.com/in/adityabhatt3010/

**Medium:** https://medium.com/@adityabhatt3010

More writeups soon β€” cleaner, deeper and slightly unhinged πŸ—ΏπŸ”₯

If you found this useful, consider ⭐ starring my repositories and following my cybersecurity journey.

---