The dashboard team had some issues getting the Wazuh dashboard up and running, concerning communication and commands with installation. These stemmed from multiple things, but overall created a valuable learning experience for everyone involved. Below are some of the issues we found.

Issue 1- Communication

There was a massive communication issue. Not everyone in the SOC was aware that they were to stay within their group and not run commands on top of other teams' work. There was jumping back and forth from team to team, and that resulted in commands being repeated several times, causing the installation process to slow down and having to ultimately restart.

We have learned it is best to solidify teams at the start of the creation of the SOC and stay only within your team. Team leads can communicate if they need something from another team.

Discord proved a useful tool as we were able to screenshare when one person was issuing commands, so others could watch and write documentation.
We also found there were vital communication errors between the teams. Being the last piece of Wazuh to go up after 2 other vital pieces, there were many things we had to connect back to the indexer and server. We found there were files we needed that were not given to us, causing much confusion later on down the road.

Issue 2- Server host

Although a small issue, it still causes us to have to troubleshoot and slows us down. While we were editing the /etc/wazuh-dashboard/opensearch_dashboards.yml file, there were some values we needed to replace. The server host was one of these.
We originally thought we needed to put the server IP address in this area, but we needed to leave it as 0.0.0.0 so it could communicate with all hosts.
Muhammad from the server team found this error and helped us correct it.

Issue 3- Certificates

We ran into a vital issue that took the team a long time to work around due to communication issues, as previously stated above.
While we were deploying certificates, we realized we did not have the wazuh-certificates.tar file. This was a key file that we needed.
We copied it over from the server side, but as we are supposed to stay in our teams, the server needed to give us this file.
We also found that we did not have the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file. This config file was one from the indexer team and we spent a lot of time trying to figure out where it was and why we didn't have it. We created a file from scratch because we needed to move forward, and that ended up causing many other issues.

In the end, Dashboard had to wipe all work done and restart with an assisted install. There was more communication the second time around, but there were still issues that we ran into. Moving forward for other classes, we found communication needs to be prioritized over everything.

Dashboard Team Issues

Issue 1- Communication

Issue 2- Server host

Issue 3- Certificates

In the end, Dashboard had to wipe all work done and restart with an assisted install. There was more communication the second time around, but there were still issues that we ran into. Moving forward for other classes, we found communication needs to be prioritized over everything.