Monday, 9 September 2024

Monitoring Windows and Active Directory using Wazuh and Zabbix

Wazuh is a great tool for security monitoring (a SIEM). Thanks to it, I have a centralized environment that takes care of threat detection, file integrity monitoring, log analysis, vulnerability detection and malware identification.
Zabbix, on the other hand, complements Wazuh. While Wazuh focuses on security, that is, on what is happening on our devices from a security perspective, Zabbix covers the administrative side: whether a service is up, whether the disks are filling up, whether server temperatures are rising, and so on. From an administrative point of view it puts everything in one place and keeps it at hand. What is less widely known is that Zabbix is also useful for security: its agent can, for example, watch the Windows Security event log for failed logon attempts, or track a file's checksum and alert when it changes.

Thursday, 22 February 2024

Zabbix as a real-time monitoring of IT components and services

Now it's time for Zabbix... How hard Zabbix is to learn depends on how familiar you already are with IT infrastructure monitoring concepts, on experience with similar tools, and on general technical knowledge.

The project I am working on "Zabbix Architect - Network and Server Monitoring" showcases not only my skills with Zabbix software but also the extensive IT knowledge I have gained so far. It is based on my current home lab setup as well as cloud services. This project might take some time as I keep coming up with new ideas that I want to include. Below is the current architecture (which may change) and part of the work already completed.

The project looks like this:
Installation: Zabbix server, Zabbix proxy, database, high-availability cluster, load balancing, VRRP.
Ansible: deploying and adding agents, securing and optimizing Zabbix.
Monitoring: Windows and Linux, logs and events, services, Docker, agentless monitoring, SNMP, iDRAC, web applications, SSL certificates, SELinux, network devices, new unwanted devices, hypervisors, databases, mail server, backups, NVR/IP cameras.
Integration: Active Directory, ticketing system, Grafana.

Here are good practices for setting up and maintaining Zabbix:

1. Planning: Before you set up Zabbix, plan how the system will work. Decide how many servers, proxies and agents you need, how the network between them will be laid out, and how data will be stored and for how long (history and trends retention).

2. Scaling: Zabbix should be able to grow with your organization. This means sizing the server and database for the expected number of values per second, adding proxies for remote sites and to take load off the server, and using load balancing or a high-availability cluster where needed.

3. Database: The Zabbix database needs to be set up and maintained properly. This includes tuning the database engine, keeping the history and trends tables from growing without bound (housekeeping or partitioning), and taking regular backups so everything keeps running smoothly.

4. Security: Encrypt and authenticate communication between server, proxies and agents (TLS with pre-shared keys or certificates), restrict which addresses an agent will talk to, do not allow remote command execution (system.run) unless you really need it, put the web frontend behind HTTPS with access limited to those who need it, and update Zabbix regularly to pick up security fixes.

5. Update intervals: Tune how often items are collected to find a balance between monitoring resolution and the load on the server, proxies and database; triggers are evaluated as new values arrive, so the item interval is what sets the cost.

6. Use of templates: Use the stock templates or build your own so that items, triggers and discovery rules are defined once and linked to hosts, rather than configured host by host.

7. Alerts and notifications: Set up actions so that the right people hear about real problems, and only those; too many alerts are ignored. Define how alerts are handled (severities, escalation steps, acknowledgement), set trigger thresholds with a recovery expression so a value hovering around a limit does not flap, and use more than one media type (email, SMS, chat apps).

8. Monitor the monitoring: Regularly check the health of Zabbix itself: server and database resource usage, the queue of items whose values are overdue, unsupported items and unreachable hosts, and that high availability and backups are in place where needed.
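Point 4 is where a careless agent configuration does the most damage, so here is an added example of my own (not code from the original post or from the author's project): a constructed zabbix_agentd.conf with the weak settings many installs end up with, its hardened counterpart with a freshly generated PSK, and a small POSIX shell audit that flags the weak ones. The parameter names (Server, ServerActive, TLSConnect, TLSAccept, TLSPSKIdentity, TLSPSKFile, AllowKey, DenyKey, UnsafeUserParameters) are real Zabbix agent options; the host name web01, the server address 10.0.0.5, the PSK identity and the file paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a zabbix_agentd.conf for
# settings that weaken the agent, and write a hardened counterpart with a fresh
# PSK. Parameter names are real Zabbix agent options; host name, addresses,
# PSK identity and paths are illustrative assumptions.

# Effective value of a single-valued parameter: first uncommented occurrence.
conf_get() {   # conf_get FILE PARAM
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# 256-bit PSK as 64 hex digits (Zabbix accepts 32..512 hex digits).
gen_psk() {
    dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Print one FINDING line per weak setting, then a findings=N summary line.
audit_agent_conf() {   # audit_agent_conf FILE
    f=$1; n=0
    case "$(conf_get "$f" Server)" in
        ""|*0.0.0.0/0*|*::/0*)
            echo "FINDING: Server allows passive checks from any address"; n=$((n+1)) ;;
    esac
    tlsconnect=$(conf_get "$f" TLSConnect)
    case "$tlsconnect" in
        psk|cert) ;;
        *) echo "FINDING: TLSConnect=${tlsconnect:-unencrypted}: active checks leave in cleartext"
           n=$((n+1)) ;;
    esac
    case "$(conf_get "$f" TLSAccept)" in
        ""|*unencrypted*)
            echo "FINDING: TLSAccept admits unencrypted passive checks"; n=$((n+1)) ;;
    esac
    if grep -Eq '^[[:space:]]*AllowKey[[:space:]]*=[[:space:]]*system\.run\[\*]' "$f" \
       && ! grep -Eq '^[[:space:]]*DenyKey[[:space:]]*=' "$f"; then
        echo "FINDING: AllowKey=system.run[*] with no DenyKey: the server can run any command here"
        n=$((n+1))
    fi
    if [ "$(conf_get "$f" UnsafeUserParameters)" = "1" ]; then
        echo "FINDING: UnsafeUserParameters=1: shell metacharacters reach UserParameter commands"
        n=$((n+1))
    fi
    echo "findings=$n"
}

# Write a constructed weak config and its hardened counterpart into DIR.
write_sample_configs() {   # write_sample_configs DIR
    dir=$1
    cat > "$dir/weak.conf" <<'EOF'
# Constructed example: the "just make it work" settings
Server=0.0.0.0/0
ServerActive=zabbix.example.internal
Hostname=web01
AllowKey=system.run[*]
UnsafeUserParameters=1
EOF
    # The PSK file must be readable by the agent user only.
    (umask 077; gen_psk > "$dir/web01.psk")
    cat > "$dir/hardened.conf" <<EOF
# Constructed example: only the server that runs passive checks may connect,
# and both directions are encrypted and authenticated with TLS-PSK.
Server=10.0.0.5
ServerActive=10.0.0.5
Hostname=web01
TLSConnect=psk
TLSAccept=psk
TLSPSKIdentity=web01-psk
TLSPSKFile=$dir/web01.psk
DenyKey=system.run[*]
UnsafeUserParameters=0
EOF
}

# Usage: sh agent_audit.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d)
    write_sample_configs "$d"
    echo "== weak.conf";     audit_agent_conf "$d/weak.conf"
    echo "== hardened.conf"; audit_agent_conf "$d/hardened.conf"
fi
```

The hardened file only works once the same identity and PSK are entered on the server side under the host's encryption settings; with TLSAccept=psk the agent then refuses an unencrypted connection from the server outright rather than silently falling back, which is exactly what you want. Run the audit against the real /etc/zabbix/zabbix_agentd.conf on each host from your Ansible role, and treat any FINDING line as a failed deployment.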