Hello all,
Yep, I am posting another one with the aim of trying to get system admins to share blogs and for Wazuh gurus to share their learnings.
As you all know, Winget is the Windows package manager, and we have waited a long time for this little improvement. For those that don't know, it's Microsoft's equivalent of what Linux users have enjoyed for years. No, it's not in the event log yet, which is seriously annoying; it stores its logs in obscure Microsoft Store app folders.
In relation to Wazuh, you need remote commands enabled for a start, and this little novice seems to run into no end of trouble with this, even though he has enabled the appropriate changes on the local Wazuh server. However, Winget does not need administrator privileges to execute. It does, however, require a swag load of switches, depending on the developer of the application, and a few to get you off the block.
There are a few problems you may need to be aware of.
1. Microsoft Store applications have rather complicated names that you will need to deal with, but Winget gurus have already written PowerShell scripts for this. These scripts range from installing administrative devices to removing bloatware from user devices. The code is simple and easy to modify.
2. Architecture - I hate nothing more than x86 code on my x64 machine - Winget settings can correct this, and it's a JSON file. If this is not set, you might end up with an x86 version on an x64 device. Microsoft Office Enterprise is a prime example (yes, only this version is Winget ready - still works on a lesser license - thanks Microsoft - pals - sarcasm).
3. No blasted event logging in the Windows event log!!! Why, Microsoft, why???
4. Not all developers are using this package manager - Epson - thanks - not.
So while I have been typing away hoping to motivate a real Wazuh certified individual or system administrator to get blogging (yep - I have alerts set to find you), I have been installing Microsoft Office Enterprise on my base (not really live, but a good base case for Wazuh - call it a baseline). Worked a treat and fully operational, and Winget ready for upgrading from Wazuh - via a wodle - if I can get that working right.
This, of course, seriously simplifies a Windows system update, excluding Windows itself, but there are ways of calling Windows Update from the command line. None of these require a call to Task Manager, which, if you are Wazuh knowledgeable, means fewer alerts, depending on your software supply chain issues (how much software do you need on your endpoint devices to manage them).
So, as I said, start blogging, and I will find you: just #wazuh on LinkedIn or other mediums, and I will eventually find your professional posts over my still-learning posts.
Sincerely
Leon.
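As an added example (not code from Leon's post), here is the architecture fix from point 2 and an unattended `winget upgrade` of the kind a Wazuh command wodle could schedule, in one PowerShell script. It assumes winget 1.x (App Installer) is on the endpoint, that the settings file lives in the standard LocalState folder (confirm with `winget --info`, which also prints the log folder the post complains about), and that the script may run as SYSTEM under the Wazuh agent, where winget is not on PATH.

```powershell
# Added example, not code from the post. Assumptions: winget 1.x (App Installer) is present,
# the settings path is the standard LocalState folder (confirm with `winget --info`), and
# the script may run in a context without winget on PATH (e.g. SYSTEM under the Wazuh agent).

# 1. Architecture preference. With no preference set (the default), a manifest that lists an
#    x86 installer can land the 32-bit build on an x64 device; "requirements" makes x64 mandatory.
$settingsDir  = Join-Path $env:LOCALAPPDATA 'Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\LocalState'
$settingsPath = Join-Path $settingsDir 'settings.json'
$settings = [ordered]@{
    '$schema'       = 'https://aka.ms/winget-settings.schema.json'
    installBehavior = @{
        preferences  = @{ architectures = @('x64') }
        requirements = @{ architectures = @('x64') }
    }
}
New-Item -ItemType Directory -Force -Path $settingsDir | Out-Null
$settings | ConvertTo-Json -Depth 5 | Set-Content -Path $settingsPath -Encoding UTF8

# 2. Locate winget. Interactive users have it on PATH; SYSTEM does not, so fall back to the
#    packaged binary under WindowsApps (newest build wins).
$winget = (Get-Command winget.exe -ErrorAction SilentlyContinue).Source
if (-not $winget) {
    $winget = Get-ChildItem "$env:ProgramFiles\WindowsApps\Microsoft.DesktopAppInstaller_*_x64__8wekyb3d8bbwe\winget.exe" -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1 -ExpandProperty FullName
}
if (-not $winget) { Write-Error 'winget.exe not found'; exit 2 }

# 3. Unattended upgrade. --disable-interactivity stops prompts from hanging a headless run;
#    the exit code is the only completion signal, since nothing reaches the Windows Event Log.
& $winget upgrade --all --silent --disable-interactivity `
    --accept-package-agreements --accept-source-agreements
Write-Output "winget upgrade exit code: $LASTEXITCODE"
exit $LASTEXITCODE
```

When the `<wodle name="command">` that runs this comes from the manager's shared agent.conf, the agent itself must have `wazuh_command.remote_commands=1` in its local_internal_options.conf; enabling remote commands on the server side alone is not enough.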