# SIEM installation

---

Today’s focus was expanding the home lab by deploying **Wazuh SIEM** on a second laptop. To keep things flexible, I opted for a **Docker container** deployment. Since this is a testing phase, I’m not overly concerned about potential issues; I plan to have a more permanent, dedicated system in place by the time the lab goes "production."

For now, the Dockerized Wazuh will be a "start-and-stop" process. This allows me to keep the laptop available for lab expansions while still having enough resources to stay on top of my university coursework.

### The Hurdles: Passwords and Architectures

The first major struggle today was a stubborn authentication issue. For some reason, Wazuh refused to let me change the default **admin password**. From a security standpoint, leaving default credentials active is a massive red flag, so I spent a good chunk of time troubleshooting until it finally took.

Next came the agent deployment. A small but critical detail the Wazuh dashboard doesn't explicitly highlight is the architecture difference for certain devices. When deploying to my Raspberry Pi, the default "AMD64" code failed. I had to manually swap `amd64` to `arm64` in the installation string. Once that simple edit was made, the agent connected instantly without further issues.

### The Long Road Ahead: Vulnerability Triage

The biggest task—and likely the most time-consuming—is tackling the mountain of vulnerabilities Wazuh just handed me:

* **40 Critical/High**
    
* **72 Medium**
    
* **4 Low**
    

It’s an intimidating list at first glance, but a quick deep-dive reveals some interesting context. Looking at the first few "High" alerts, I found that **Debian** (the OS on my Pi) has actually marked some of these as **"&lt;ignored&gt;"**.

In many cases, the security team deems the risk "Minor" or "Local only," meaning a user would have to manually run a very specific, obscure command for the vulnerability to even be a threat. It’s a good reminder that SIEM alerts require a human touch to separate real risks from "paper" vulnerabilities.

### Next Steps

Over the next few days, I’ll be balancing three plates:

1. **Dissertation Prep:** Mapping out my initial ideas and research.
    
2. **Lab Hardening:** Continuing to build out the environment.
    
3. **Vulnerability Triage:** Methodically working through the Wazuh list to see what needs a patch and what is just "noise."
    

---
