fbpx

Topic: Wazuh Deployment Guide, Overview of Wazuh and its Component

Objective: Wazuh component and architecture

Wazuh Deployment Guide

Hardware Requirements

The hardware requirements for your Wazuh deployment depend on the number of protected endpoints and cloud workloads. The following table outlines the recommended hardware specifications based on the number of agents:

For a quickstart deployment monitoring up to 100 endpoints for 90 days, it is recommended to deploy the Wazuh server, Wazuh indexer, and Wazuh dashboard on the same host.
For larger environments, Wazuh recommends a distributed deployment with a multi-node cluster configuration for the Wazuh server and indexer, providing high availability and load balancing.
Operating System
Wazuh central components can be installed on a 64-bit Linux operating system. The following operating system versions are recommended:
Amazon Linux 2
CentOS 7, 8
Red Hat Enterprise Linux 7, 8, 9
Ubuntu 16.04, 18.04, 20.04, 22.04
Browser Compatibility
The Wazuh dashboard is compatible with the following web browsers:
Chrome 95 or later
Firefox 93 or later
Safari 13.7 or later
Chromium-based browsers might also work, but Internet Explorer 11 is not supported.
Installing Wazuh
To install Wazuh, follow these steps:
1. Download and run the Wazuh installation assistant using the following command:
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

2. Once the installation assistant completes the installation, the output will display access credentials and a confirmation message indicating a successful installation.

INFO: --- Summary ---
INFO: You can access the web interface https://<wazuh-dashboard-ip>
    User: admin
    Password: <ADMIN_PASSWORD>
INFO: Installation finished.

 

3. Access the Wazuh web interface using the provided URL (https://) and login credentials:

  • Username: admin
  • Password: <ADMIN_PASSWORD>

Congratulations! You have successfully installed and configured Wazuh.

There is a three-main component in wazuh.

  1. Wazuh server
  2. Wazuh indexer
  3. Wazuh dashboard

How can install wazuh at server Side:

Wazuh indexer

The Wazuh indexer is a highly scalable, full-text search and analytics engine. This Wazuh central component indexes and stores alerts generated by the Wazuh server and provides near real-time data search and analytics capabilities. The Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability.

Wazuh uses four different indices to store different event types:

wazuh‑alerts: Stores alerts generated by the Wazuh server. These are created each time an event trips a rule with a high enough priority (this threshold is configurable).

wazuh‑archives: Stores all events (archive data) received by the Wazuh server, whether or not they trip a rule.

wazuh‑monitoring: Stores data related to the Wazuh agent status over time. It is used by the web interface to represent when individual agents are or have been Active, Disconnected, or Never connected.

wazuh‑statistics: Stores data related to the Wazuh server performance. It is used by the web interface to represent the performance statistics.

Wazuh Server

The Wazuh server component analyzes the data received from the agents, triggering alerts when threats or anomalies are detected. It is also used to manage the agents configuration remotely and monitor their status.

Server architecture:

Wazuh dashboard

The Wazuh dashboard is a flexible and intuitive web user interface for mining, analyzing, and visualizing security events and alerts data.

Wazuh agent

The Wazuh agent runs on Linux, Windows, macOS, Solaris, AIX, and other operating systems. It can be deployed to laptops, desktops, servers, cloud instances, containers, or virtual machines.

Agent architecture:

Wazuh Architecture:

 


Leave a Reply

Your email address will not be published. Required fields are marked *

Surat

Certbar Security

Contact

Office No.

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Register With:

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Surat

Certbar Security

Contact

Office No.

Work Inquiries

Interested in working with us?

Career

Looking for a job opportunity?

Register With:

© 2016-[year], Certbar Security. All rights reserved.

© 2016-[year], Certbar Security. All rights reserved.

Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Join As:
Interested In Batch:
I agree to bring my own laptop
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.
Please enable JavaScript in your browser to complete this form.