🔬 Walkthrough: Setting Up Wazuh in Your Home Lab (From Zero to First Alert)
One of the most valuable things you can build in a home lab is a working SIEM. Wazuh is free, open source, and genuinely enterprise-grade — the same platform used in real SOC environments. This walkthrough takes you from a blank VM to your first real security alert.

💻 WHAT YOU’LL NEED
- A hypervisor (Proxmox, VirtualBox, or VMware)
- Wazuh Server VM: Ubuntu 22.04 LTS, minimum 4GB RAM, 2 vCPUs, 50GB disk
- Windows 10 VM: your monitored endpoint (agent machine)
- Both VMs on the same internal network

🛠️ PART 1: INSTALL THE WAZUH SERVER

Step 1 — Boot your Ubuntu VM and run updates:

    sudo apt update && sudo apt upgrade -y

Step 2 — Download and run the Wazuh installer:

    curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh
    sudo bash wazuh-install.sh -a

The -a flag installs the full stack: Wazuh Manager, Indexer, and Dashboard. This takes 10–15 minutes.

Step 3 — Once complete, the installer will display your admin credentials. SAVE THESE. They won’t be shown again.

Step 4 — Access the Wazuh Dashboard by opening a browser and navigating to:

    https://[your-ubuntu-vm-ip]

Log in with the admin credentials from Step 3. You should see the Wazuh dashboard — empty for now, but that’s about to change.

📲 PART 2: ENROL YOUR WINDOWS VM AS AN AGENT

Step 1 — In the Wazuh Dashboard, click “Agents” then “Deploy new agent”

Step 2 — Select Windows as the OS, enter your Wazuh server IP, give the agent a name (e.g. “WIN10-LAB”)

Step 3 — Copy the generated PowerShell command and run it on your Windows VM as Administrator. It will download and install the Wazuh agent, then register it back to your server automatically.

Step 4 — Start the agent service on Windows:

    Net start WazuhSvc

Step 5 — Back in the dashboard, refresh the Agents page. Your Windows VM should now show as Active. 🎉

🚨 PART 3: TRIGGER YOUR FIRST REAL ALERT

Now for the fun part. Let’s make something happen.
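The Part 2, Step 5 check can also be done from the manager's command line instead of the dashboard. The script below is an added example, not part of the original post: it parses the output of Wazuh's `agent_control -l` and reports whether the agent named in the walkthrough is actually reporting in. It assumes the default install path `/var/ossec`; the function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: confirm an enrolled agent is reporting, from the manager CLI.
# On the Wazuh server (default path assumed):
#   sudo /var/ossec/bin/agent_control -l | check_agent WIN10-LAB

# Constructed sample of `agent_control -l` output, so the script runs offline.
SAMPLE_LIST='Wazuh agent_control. List of available agents:
   ID: 000, Name: wazuh-server (server), IP: 127.0.0.1, Active/Local
   ID: 001, Name: WIN10-LAB, IP: any, Active
   ID: 002, Name: WIN10-OLD, IP: any, Disconnected
   ID: 003, Name: WIN10-NEW, IP: any, Never connected'

# agent_status NAME: read the agent list on stdin and print that agent's
# status field. Exit 0 if the name is registered, 1 if it is not.
agent_status() {
    awk -v want="$1" -F', ' '
        /^ *ID: / {
            name = $2; sub(/^Name: /, "", name)
            if (name == want) { print $4; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    '
}

# check_agent NAME: return 0 when Active, 1 when registered but not
# reporting (Disconnected, Never connected, Pending), 2 when unknown.
check_agent() {
    local status
    if ! status=$(agent_status "$1"); then
        echo "$1: not registered on this manager"
        return 2
    fi
    case "$status" in
        Active*) echo "$1: $status"; return 0 ;;
        *)       echo "$1: $status (agent is not reporting)"; return 1 ;;
    esac
}

# Demo against the constructed sample.
printf '%s\n' "$SAMPLE_LIST" | check_agent WIN10-LAB
```

A status of "Never connected" means the agent registered but has not reached the manager since, which in a lab usually points at the network path between the two VMs or at the agent service not running.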
Building Vendors Across Asia
I have been building my vendors across Asia for my members and I would appreciate knowing if you want to see vendors for your own countries and what the pros and cons of using them are. I have been several home labs here in Australia, Asia and in the Middle East and would love to hear from you and your ideas.
Welcome to Labs & Walkthroughs 🔬
This is where theory meets practice, mate. Labs & Walkthroughs is your go-to spot for hands-on, step-by-step guides that actually teach you how to DO the work – not just read about it.

What you'll find here:
- Full lab build guides (home SOC setups, attack ranges, SIEM deployments)
- Tool walkthroughs and configurations (Splunk, Wazuh, Suricata, Metasploit, etc.)
- CTF writeups and TryHackMe / HackTheBox solutions
- Real-world scenario labs (incident response, threat hunting, exploitation)
- Troubleshooting tips when things inevitably break

The goal? Get your hands dirty. Break stuff. Fix it. Learn from it. Whether you're setting up your first VM or building a full enterprise-style lab, this is where we document the journey and help each other get unstuck.

Drop a comment below:
- What's the first lab or walkthrough you want to see?
- What are you currently stuck on or trying to build?
- Any tools or scenarios you're keen to dive into?

Let's build, break, and learn together 🛠️

— Aussie Mr Cyber
Cybersecurity BootCamp
skool.com/cybersecurity-bootcamp-2235
Aussie cyber pro with hands-on home lab builder sharing SOC ops, pentesting labs, playbooks & cert prep. Level up your blue-team game Down Under!