new blog
sivolko committed Jan 1, 2025
1 parent 40cf2e4 commit 6544e06
Showing 62 changed files with 1,468 additions and 382 deletions.
@@ -0,0 +1,63 @@
---
layout: post
title: Wazuh's Big Move:From Elasticsearch to OpenSearch
subtitle: Why it matters?
description: Enhance your security operations with wazuh for real time threat detection and complicane using open source SIEM wazuh using docker with kali.
image: https://res.cloudinary.com/hugs4bugs/image/upload/v1735713838/IMG_5316_vrb0rb.jpg
optimized_image: https://res.cloudinary.com/hugs4bugs/image/upload/v1735713838/IMG_5316_vrb0rb.jpg
author: Shubhendu Shubham
date: 2025-01-01 00:00:00 Z
category: security
tags:
- Cyber Security
- SIEM
- blueteam
- soc
---
Before, we jump to our topic let's recall what wazuh is? It's a popular open source security monitoring platfrom . It's HIDS aka host based intrusion Detection system. HIDs a Host-based Intrusion Detection System monitors and analyzes the internals of a computing system rather than the network packets on its external interfaces. It focuses on detecting unauthorized access and malicious activities on individual hosts or devices.

Wazuh has shifted to opensearch from elasticsearch since version4.3 and current version is 4.9.2 . So let's break down why it happened and how cybersecurity professional get benifited.

1. **Licensing Issues**

- Initially, Elasticsearch was a favorite among many open-source projects because it was licensed under Apache 2.0. This license is very permissive, allowing anyone to use, modify, and distribute the software freely.

- However, Elasticsearch’s parent company, Elastic, decided to change the license to SSPL (Server Side Public License). This new license is more restrictive, especially for cloud service providers. It imposes additional rules on how the software can be used, which made it less attractive for open-source projects like Wazuh.

2.**OpenSearch**

- In response to these changes, OpenSearch was created. OpenSearch is a fork of Elasticsearch, meaning it started as a copy of Elasticsearch’s code but has since developed independently.

- OpenSearch remains under the Apache 2.0 license, which is much more open and friendly for community-driven projects. This means that anyone can continue to use, modify, and share OpenSearch without worrying about the restrictive terms of SSPL.

- OpenSearch, on the other hand, is a community-driven project. This means it actively encourages contributions from a wide range of developers and organizations. The community-driven approach fosters innovation and ensures that the project evolves based on the needs and inputs of its users.

- Wazuh wanted to be part of this vibrant and collaborative community. By aligning with OpenSearch, Wazuh can benefit from the collective expertise and contributions of the broader open-source community.

3.**Features and Compatibility**

Elasticsearch:

- Despite the licensing changes, Elasticsearch still offers a robust set of features. However, the restrictive license made it less appealing for open-source projects that rely on community contributions and open development

- For Wazuh, continuing with Elasticsearch under the new license would have meant dealing with potential legal and operational complexities

**OpenSearch**

- OpenSearch offers similar features to Elasticsearch, making it a viable alternative. This similarity ensures that Wazuh users can transition to OpenSearch without losing any critical functionality

- Wazuh has even developed its own version of OpenSearch to ensure full compatibility and to leverage the active development and improvements made by the OpenSearch community.

**How Security Practitioners can be benified?**

1. Freedom to integrate 3rd party tools
2. Licensing Freedom
3. Improved Security Monitoring
4. Simplified Management
5. Community Contributions.
6. Future Proofing

**Conclusion**

For Security researchers, wazuh's move to openSearch means greater freedom, enhanced collaboration and access to a robust community driven platform.
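Review bot: the Markdown list breaks after item 1 in this new post: "2.**OpenSearch**" and "3.**Features and Compatibility**" have no space between the number and the bold text, so kramdown renders them as plain paragraphs while "1. **Licensing Issues**" becomes a one-item list (and its "- " sub-bullets, being unindented, become a separate list rather than nested). Write "2. **OpenSearch**" and "3. **Features and Compatibility**" and indent the sub-bullets under each number. The front-matter `description` promises "open source SIEM wazuh using docker with kali", but nothing in the body touches Docker or Kali; either trim the description to the licensing/OpenSearch topic or add that section. The "How Security Practitioners can be benified?" list is six bare headings ("Improved Security Monitoring", "Simplified Management", "Future Proofing") with no sentence saying what actually changed for the practitioner; give each one concrete line or cut the list. The opening paragraph defines HIDS twice in consecutive sentences; keep one. The licensing claim is the thesis of the post, so state it precisely: Elastic's 2021 change was to a dual SSPL / Elastic License, not SSPL alone. "current version is 4.9.2" will go stale; say "4.9.2 at the time of writing" or date it. `image` and `optimized_image` point at the same Cloudinary URL, so the optimized variant is not optimized. Spelling: "Move:From" (missing space), "platfrom", "complicane", "benifited", "benified", "version4.3", "HIDs".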

18 changes: 9 additions & 9 deletions _site/2021-08-2-Understanding-basics-of-security/index.html
@@ -346,29 +346,29 @@ <h2>See also</h2>


<li>
<a href="/how-to-integrate-docker-scout-with-azure-container-registry/">
<a href="/Docker-101/">

<img src="https://res.cloudinary.com/hugs4bugs/image/upload/v1703441731/hugs4bugs/01-primary-blue-docker-logo_rl8tst.png">
<img src="https://th.bing.com/th/id/Rb3e6202f5356edebd8c8205623eef0f1?rik=2tDqbcLpDFguLg&riu=http%3a%2f%2fwww.shadowandy.net%2fwp%2fwp-content%2fuploads%2fdocker.png&ehk=d2o4OLvE5SZOjrajjCgOCdzXQ9xmehUy6vTEhPPFi3c%3d&risl=&pid=ImgRaw">

<h3>How to integrate Docker Scout with Azure Container Registry</h3>
<h3>Docker 101</h3>
</a>
</li>

<li>
<a href="/bulid-and-deploy-MERN-stack-in-Azure-cosmos-DB/">
<a href="/azure-networking-101/">

<img src="https://images.unsplash.com/photo-1504384308090-c894fdcc538d?ixid=MXwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHw%3D&ixlib=rb-1.2.1&auto=format&fit=crop&w=1500&q=80">
<img src="https://th.bing.com/th/id/Rb3e6202f5356edebd8c8205623eef0f1?rik=2tDqbcLpDFguLg&riu=http%3a%2f%2fwww.shadowandy.net%2fwp%2fwp-content%2fuploads%2fdocker.png&ehk=d2o4OLvE5SZOjrajjCgOCdzXQ9xmehUy6vTEhPPFi3c%3d&risl=&pid=ImgRaw">

<h3>Anyone can build: node.js+ Cosmos DB in Azure </h3>
<h3>Azure Networking 101</h3>
</a>
</li>

<li>
<a href="/access-management-101/">
<a href="/how-to-automate-tweets-via-github-actions/">

<img src="https://d3nn873nee648n.cloudfront.net/900x600/16347/120-SM692126.jpg">
<img src="https://images.pexels.com/photos/5744251/pexels-photo-5744251.jpeg?auto=compress&cs=tinysrgb&dpr=2&h=650&w=940">

<h3>Access Management 101.</h3>
<h3>Automate Twitter via github Actions.</h3>
</a>
</li>
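Review bot: this hunk, like every other `_site/*/index.html` hunk in the commit, is generated output in which only the three "See also" cards changed, and they changed because the related-post picker chose different posts, not because the page did; committing `_site/` means every commit rewrites nine lines in every page and the deploy may serve whichever copy was built last. Add `_site/` to `.gitignore` and let the build step produce it. On the content itself, the added `<img src="https://th.bing.com/th/id/Rb3e6202f5356edebd8c8205623eef0f1?...&riu=http%3a%2f%2fwww.shadowandy.net%2f...">` (used for both the Docker 101 and Azure Networking 101 cards) is a search-engine thumbnail proxy wrapping an `http://` origin on a third-party site, so the image it returns can change or vanish independently of this repo; host it on the site's own Cloudinary account like the `res.cloudinary.com/hugs4bugs` asset it replaces.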

18 changes: 9 additions & 9 deletions _site/Automation-with-Jenkins-and-Github/index.html
@@ -479,29 +479,29 @@ <h2>See also</h2>


<li>
<a href="/benifits-of-CI/">
<a href="/what-is-chat-gpt/">

<img src="https://cdn-images-1.medium.com/max/1600/1*-eHRhJcg-QPUws99xEDh6w.png">
<img src="https://images.pexels.com/photos/7108/notebook-computer-chill-relax.jpg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Benifits of CI/CD</h3>
<h3>What is chatGpt? How to use it?</h3>
</a>
</li>

<li>
<a href="/storing-and-managing-secrets-using-azure-vault/">
<a href="/How-to-onboard-your-Microsoft-Sentinel-from-scratch/">

<img src="https://images.unsplash.com/photo-1550439062-609e1531270e?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=800&q=80">
<img src="https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7">

<h3>Managing and Storing Secrets:Azure Vault.🙆</h3>
<h3>How to onboard your first Microsoft sentinel SIEM tool?</h3>
</a>
</li>

<li>
<a href="/waf-vs-firewall/">
<a href="/difference-between-WAF-and-IPS/">

<img src="https://images.pexels.com/photos/1714208/pexels-photo-1714208.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://images.pexels.com/photos/5473298/pexels-photo-5473298.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>WAF vs Firewall</h3>
<h3>WAF vs IPS</h3>
</a>
</li>
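Review bot: none of the `<img>` tags in these cards carry an `alt` attribute or `width`/`height`, so a screen reader announces nothing for the image inside the link and the card grid reflows as each remote image arrives. The card already has the post title in its `<h3>`, so the related-posts include can set `alt` from the same value and fix all generated pages at once. The added Sentinel card image `https://th.bing.com/th/id/OIP.4iyoklvcRYZRDAi1HOKt0gHaEW?w=271&h=180&c=7&r=0&o=5&pid=1.7` is a 271x180 search thumbnail that will be upscaled in the card; use the post's own hero image instead.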

18 changes: 9 additions & 9 deletions _site/Docker-101/index.html
@@ -625,29 +625,29 @@ <h2>See also</h2>


<li>
<a href="/difference-between-WAF-and-IPS/">
<a href="/2021-08-2-Understanding-basics-of-security/">

<img src="https://images.pexels.com/photos/5473298/pexels-photo-5473298.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://cdn.pixabay.com/photo/2017/11/19/23/56/hacking-2964100_960_720.jpg">

<h3>WAF vs IPS</h3>
<h3>Protection against Security threat on Azure.☠️</h3>
</a>
</li>

<li>
<a href="/living-without-passwords/">
<a href="/benifits-of-CI/">

<img src="https://cdn.pixabay.com/photo/2019/04/29/09/33/anonymous-4165613_1280.jpg">
<img src="https://cdn-images-1.medium.com/max/1600/1*-eHRhJcg-QPUws99xEDh6w.png">

<h3>Live without passwords</h3>
<h3>Benifits of CI/CD</h3>
</a>
</li>

<li>
<a href="/What-is-Microsoft-Defender-Threat-Intelligence(MDTI)/">
<a href="/send-email-with-Azure-logic-app/">

<img src="https://images.pexels.com/photos/10782398/pexels-photo-10782398.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://d3nn873nee648n.cloudfront.net/900x600/19765/300-SM960337.jpg">

<h3>What is Microsoft Defender Threat Intelligence</h3>
<h3>Automate Email with Azure Logic App</h3>
</a>
</li>
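Review bot: the added card `<h3>Benifits of CI/CD</h3>` linking to `/benifits-of-CI/` carries a typo that lives in that post's title and permalink, so this generated file will keep reproducing it on every build. Fix the title in the source post; if the permalink is corrected as well, keep `/benifits-of-CI/` reachable (a redirect or `redirect_from` entry), because the old URL is already emitted by other generated pages in this same commit.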

12 changes: 6 additions & 6 deletions _site/Fundamentals-of-Network-security/index.html
@@ -494,20 +494,20 @@ <h3>WAF vs IPS</h3>
</li>

<li>
<a href="/What-is-Microsoft-Defender-Threat-Intelligence(MDTI)/">
<a href="/storing-and-managing-secrets-using-azure-vault/">

<img src="https://images.pexels.com/photos/10782398/pexels-photo-10782398.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://images.unsplash.com/photo-1550439062-609e1531270e?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=800&q=80">

<h3>What is Microsoft Defender Threat Intelligence</h3>
<h3>Managing and Storing Secrets:Azure Vault.🙆</h3>
</a>
</li>

<li>
<a href="/kali-linux-vs-parrot-linux/">
<a href="/what-is-chat-gpt/">

<img src="https://cdn.pixabay.com/photo/2018/04/22/22/57/hacker-3342696_960_720.jpg">
<img src="https://images.pexels.com/photos/7108/notebook-computer-chill-relax.jpg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Kali Linux vs Parrot OS</h3>
<h3>What is chatGpt? How to use it?</h3>
</a>
</li>
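Review bot: the related-post selection here moves from "What is Microsoft Defender Threat Intelligence" and "Kali Linux vs Parrot OS" to "Azure Vault" and "What is chatGpt?" with no relevance signal either way for a network-security fundamentals page, which suggests the include is sampling posts rather than matching them. If it uses `site.related_posts` without LSI it returns the latest posts; if it samples, it returns noise and makes the `_site` diff nondeterministic. A tag-overlap selection would make "See also" useful and tie `_site` changes to real content changes. Also "chatGpt" should read "ChatGPT" in the source post title.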

18 changes: 9 additions & 9 deletions _site/How-to-install-Jenkins-on-Linux/index.html
@@ -433,29 +433,29 @@ <h2>See also</h2>


<li>
<a href="/living-without-passwords/">
<a href="/blue-team-vs-red-team-in-cyber-security/">

<img src="https://cdn.pixabay.com/photo/2019/04/29/09/33/anonymous-4165613_1280.jpg">
<img src="https://images.pexels.com/photos/1595385/pexels-photo-1595385.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Live without passwords</h3>
<h3>Blue Team vs Red Team</h3>
</a>
</li>

<li>
<a href="/Docker-101/">
<a href="/Automation-with-Jenkins-and-Github/">

<img src="https://th.bing.com/th/id/Rb3e6202f5356edebd8c8205623eef0f1?rik=2tDqbcLpDFguLg&riu=http%3a%2f%2fwww.shadowandy.net%2fwp%2fwp-content%2fuploads%2fdocker.png&ehk=d2o4OLvE5SZOjrajjCgOCdzXQ9xmehUy6vTEhPPFi3c%3d&risl=&pid=ImgRaw">
<img src="https://miro.medium.com/max/700/1*QTmgOmxLr78Ty_evSD_Riw.gif">

<h3>Docker 101</h3>
<h3>Automation with Jenkins and GitHub</h3>
</a>
</li>

<li>
<a href="/what-is-difference-between-ls-and-ls-lrt-command/">
<a href="/storing-and-managing-secrets-using-azure-vault/">

<img src="https://images.pexels.com/photos/4709289/pexels-photo-4709289.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://images.unsplash.com/photo-1550439062-609e1531270e?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=800&q=80">

<h3>Do you use ls -lrt?</h3>
<h3>Managing and Storing Secrets:Azure Vault.🙆</h3>
</a>
</li>
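Review bot: the added card image `https://miro.medium.com/max/700/1*QTmgOmxLr78Ty_evSD_Riw.gif` for "Automation with Jenkins and GitHub" is an animated GIF pulled from Medium's image CDN; an animation in a three-card footer is distracting, the file is typically far larger than a still, and the asset is not owned by this repo. Use a static poster frame hosted with the site's other images. After this hunk the page hotlinks pexels, pixabay, unsplash and miro.medium.com on one listing; each is a separate connection and a place where content can change underneath the page, so consolidating on Cloudinary is the cleaner fix.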

18 changes: 9 additions & 9 deletions _site/How-to-install-threatmapper-in-kali-linux/index.html
@@ -486,29 +486,29 @@ <h2>See also</h2>


<li>
<a href="/What-is-Microsoft-Defender-Threat-Intelligence(MDTI)/">
<a href="/living-without-passwords/">

<img src="https://images.pexels.com/photos/10782398/pexels-photo-10782398.jpeg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">
<img src="https://cdn.pixabay.com/photo/2019/04/29/09/33/anonymous-4165613_1280.jpg">

<h3>What is Microsoft Defender Threat Intelligence</h3>
<h3>Live without passwords</h3>
</a>
</li>

<li>
<a href="/automate-multiple-loginfailure-alerts-response/">
<a href="/kali-linux-vs-parrot-linux/">

<img src="https://cdn.pixabay.com/photo/2019/04/29/09/33/anonymous-4165613_1280.jpg">
<img src="https://cdn.pixabay.com/photo/2018/04/22/22/57/hacker-3342696_960_720.jpg">

<h3>Automate Multiple Login failure alerts</h3>
<h3>Kali Linux vs Parrot OS</h3>
</a>
</li>

<li>
<a href="/how-to-automate-tweets-via-github-actions/">
<a href="/what-is-chat-gpt/">

<img src="https://images.pexels.com/photos/5744251/pexels-photo-5744251.jpeg?auto=compress&cs=tinysrgb&dpr=2&h=650&w=940">
<img src="https://images.pexels.com/photos/7108/notebook-computer-chill-relax.jpg?auto=compress&cs=tinysrgb&w=1260&h=750&dpr=1">

<h3>Automate Twitter via github Actions.</h3>
<h3>What is chatGpt? How to use it?</h3>
</a>
</li>
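Review bot: the permalinks in this hunk mix case: `/How-to-install-threatmapper-in-kali-linux/` (the file itself), `/kali-linux-vs-parrot-linux/`, `/what-is-chat-gpt/`, `/living-without-passwords/`, `/What-is-Microsoft-Defender-Threat-Intelligence(MDTI)/`. Most static hosts, GitHub Pages included, serve paths case-sensitively, so a lowercased copy of a capitalized URL 404s; standardize new permalinks to lowercase and keep the existing mixed-case ones reachable. The unescaped parentheses in `(MDTI)` also break the URL when it is pasted into a Markdown link. Finally, the "Live without passwords" card and the removed "Automate Multiple Login failure alerts" card share the same pixabay `anonymous-4165613_1280.jpg` hero, so two adjacent cards can look identical; give each post its own image.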
