Today’s focus was expanding the home lab by deploying Wazuh SIEM on a second laptop. To keep things flexible, I opted for a Docker container deployment. Since this is a testing phase, I’m not overly concerned about potential issues; I plan to have a more permanent, dedicated system in place by the time the lab goes "production."

For now, the Dockerized Wazuh will be a "start-and-stop" process. This allows me to keep the laptop available for lab expansions while still having enough resources to stay on top of my university coursework.

The Hurdles: Passwords and Architectures

The first major struggle today was a stubborn authentication issue. For some reason, Wazuh refused to let me change the default admin password. From a security standpoint, leaving default credentials active is a massive red flag, so I spent a good chunk of time troubleshooting until it finally took.

Next came the agent deployment. A small but critical detail the Wazuh dashboard doesn't explicitly highlight is the architecture difference for certain devices. When deploying to my Raspberry Pi, the default "AMD64" code failed. I had to manually swap amd64 to arm64 in the installation string. Once that simple edit was made, the agent connected instantly without further issues.

The Long Road Ahead: Vulnerability Triage

The biggest task—and likely the most time-consuming—is tackling the mountain of vulnerabilities Wazuh just handed me:

• 40 Critical/High

• 72 Medium

• 4 Low

It’s an intimidating list at first glance, but a quick deep-dive reveals some interesting context. Looking at the first few "High" alerts, I found that Debian (the OS on my Pi) has actually marked some of these as "<ignored>".

In many cases, the security team deems the risk "Minor" or "Local only," meaning a user would have to manually run a very specific, obscure command for the vulnerability to even be a threat. It’s a good reminder that SIEM alerts require a human touch to separate real risks from "paper" vulnerabilities.

Next Steps

Over the next few days, I’ll be balancing three plates:

1. Dissertation Prep: Mapping out my initial ideas and research.

2. Lab Hardening: Continuing to build out the environment.

3. Vulnerability Triage: Methodically working through the Wazuh list to see what needs a patch and what is just "noise."

As a Cybersecurity student looking at the current job market, it’s clear that junior roles are scarce for graduates. While I’m currently on track for a 1st Class degree, I’ve realized that re-reading university notes only takes you so far. To truly master different security aspects, you have to build.

Today, I decided to bridge that gap by building a dedicated home lab.

The Hardware

I’m running the lab on a Raspberry Pi 5 (16GB RAM) equipped with a 500GB SSD for better performance and reliability over a standard SD card.

The Stack (Dockerized)

I chose Docker to keep my projects isolated and manageable. Here is the current lineup:

• Dockge: For YAML file editing and managing .env files.

• Portainer: For container health monitoring and user authorization.

• HastyBot: My Discord bot (currently in development).

• Webgame: A side project in the making.

• Main Site: This will eventually host bot stats and project information.

• phpMyAdmin: For easy web-based database management.

• MariaDB: The backend database for both HastyBot and the webgame.

• Watchtower: To ensure my container stacks stay up to date automatically.

What’s Next?

Building the lab is just the beginning. Next, I’ll be installing Wazuh on a separate laptop and deploying an agent to the Pi. This will allow me to dive into SIEM monitoring and endpoint security in a live environment.