How To Set Up A SIEM In Your Home?

Three core pillars in the system mostly drive SIEM or Security Information and Event Management. They are cost, speed, and the scale of operations. However, the increase in the existing complexity in Information Securities and Operations Centers has put more pressure on entrepreneurs.

The latest SIEM can be installed easily at home while workers, employees, and entrepreneurs work from home. This gives the investors and business owners leverage to be independent of the existing SIEM vendors. 

SIEM set at homes provides real-time data and situational awareness across systems and business operations. 

The Steps To Set Up SIEM At Home Are As Followed:

1. Get the basics rights first:

To set up a SIEM server at your home, you would need basic items:

  • Understanding of how to set up a server and configure it accordingly. 
  • Raspberry Pi 4B computer, which at least has 128 GB storage and 8 GB RAM.

2. Install the Raspberry Operating System:

To learn how to install Wazuh on a Raspberry Pi, the best SIEM server for homes, refer to the points below to learn the configuration of Raspberry’s operating system. 

  • Download the official Raspberry Pi’s imager first. 
  • Click “use custom” from the given menu in this imager application after choosing the OS / operating system. 
  • Choose the ARM 64 image from the given options. Further, select SD storage for writing the OS into it. 

3. Identify your IP Address for the Raspberry Pi device:

Use any available VM to set up the configuration for the IP address. However, while using guest VM, remember the network won’t realize it. You change the VM networking settings to link your host machine with the chosen/selected VM. 

Now proceed to identify the IP address in Rasp Pi for the network. There’s an option to cut short and directly log into the router. 

4. Check the Raspberry Pi connection with the device:

Use Raspberry Pi’s default password. This allows you to Secure Shell (SSH) or set the connection right with the device’s IP address to share the data from thereon. 

5. Change the existing host’s name to update:

Go from Raspberry to Wuzah as an example for the hostname. But you can try anything else as well. For carrying out this change, run sudo commands from system options.

Return to the original GUI. You get the option to Update here. After that, click Finish to finish configuring the Raspberry Pi IP. 

6. Enable the login options:

Configure the SSHD if you wish to login as root. That’s by using SSH – secure shell. 

7. You can upgrade existing packages:

Connect VM to the SSH first. Run the following command:

“apt update && apt update -y”

After completion, you can download the packages easily on the server. 

8. Install and configure Java apps:

Java 11 is the latest version that helps run Java-backed applications smoothly. Check if you already have Java 11 in your system. If not, download and install it from the official Java website. 

After that, download and install Elasticsearch OSS. Then proceed to download plus install Open Distro. It’s for the better use of Elasticsearch. 

Later, you need to configure Elasticsearch to add users with their roles and run Wazuh SIEM effectively at home. While configuring, you can remove demo certificates. Instead, install Wazuh certificates in the system. 

Jumpstart the Elasticsearch service with all the necessary certificates you would need to run operations from home. 

Carefully note that Open Distro enhances Elasticsearch performance. However, if it harms the system, you can remove its certificate from Elasticsearch later on. 

9. Install Wazuh manager and run it successfully:

  • Install/add the GPG key.
  • Add the given repository list.
  • Then upgrade the packages of the Wazuh manager.
  • Start the manager.
  • Run Wazuh manager commands to check the active status. 

10. Download and install Filebeat:

First, check the repository list in the Filebeat. Then upgrade its packages accordingly. Configure Filebeat files to send alerts to Elasticsearch when required. But you need an alert template installed in Elasticsearch too for that. Copy Elasticsearch certificates too in the Filebeat files.

Run and check the active status of the Filebeat later on.

11. Install and run Kabana:

Kabana is the last package you should install and run to check the latest security alerts to the SIEM set up at home. Once it’s installed, you can log into the official Raspberry IP address and change the password to tighten the security of the SIEM server at home. 

Angela is a senior editor at Dreniq News. She has written for many famous news agencies.