type
status
date
summary
tags
category
URL
password
slug
icon
The Open SourceSecurity Platform
Unified XDR and SIEM protection for endpoints
and cloud workloads.
QuickstartPermalink to this headline
Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard. For more information, check the Getting Started documentation.
Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).
This quickstart shows you how to install the Wazuh central components, on the same host, using our installation assistant. You can check our Installation guide for more details and other installation options.
Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.
RequirementsPermalink to this headline
HardwarePermalink to this headline
Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.
Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:
Agents | CPU | RAM | Storage (90 days) |
1–25 | 4 vCPU | 8 GiB | 50 GB |
25–50 | 8 vCPU | 8 GiB | 100 GB |
50–100 | 8 vCPU | 8 GiB | 200 GB |
For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.
Operating systemPermalink to this headline
Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:
Amazon Linux 2 | CentOS 7, 8 |
Red Hat Enterprise Linux 7, 8, 9 | Ubuntu 16.04, 18.04, 20.04, 22.04 |
Browser compatibilityPermalink to this headline
Wazuh dashboard supports the following web browsers:
- Chrome 95 or later
- Firefox 93 or later
- Safari 13.7 or later
Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.
Installing WazuhPermalink to this headline
- Download and run the Wazuh installation assistant.
$ curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -aOnce the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.
INFO: --- Summary ---
INFO: You can access the web interface https://<wazuh-dashboard-ip>
User: admin
Password: <ADMIN_PASSWORD>
INFO: Installation finished.You now have installed and configured Wazuh.
- Access the Wazuh web interface with
https://<wazuh-dashboard-ip>and your credentials: - Username: admin
- Password: <ADMIN_PASSWORD>
When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.
Note
You can find the passwords for all the Wazuh indexer and Wazuh API users in the
wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option
-u or –-uninstall.Next stepsPermalink to this headline
Now that your Wazuh installation is ready, you can start deploying the Wazuh agent. This can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The agent is lightweight and multi-purpose, providing a variety of security capabilities.
Instructions on how to deploy the Wazuh agent can be found in the Wazuh web user interface, or in our documentation.
Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard. For more information, check the Getting Started documentation.
Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).
This quickstart shows you how to install the Wazuh central components, on the same host, using our installation assistant. You can check our Installation guide for more details and other installation options.
Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.
RequirementsPermalink to this headline
HardwarePermalink to this headline
Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.
Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:
Agents | CPU | RAM | Storage (90 days) |
1–25 | 4 vCPU | 8 GiB | 50 GB |
25–50 | 8 vCPU | 8 GiB | 100 GB |
50–100 | 8 vCPU | 8 GiB | 200 GB |
For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.
Operating systemPermalink to this headline
Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:
Amazon Linux 2 | CentOS 7, 8 |
Red Hat Enterprise Linux 7, 8, 9 | Ubuntu 16.04, 18.04, 20.04, 22.04 |
Browser compatibilityPermalink to this headline
Wazuh dashboard supports the following web browsers:
- Chrome 95 or later
- Firefox 93 or later
- Safari 13.7 or later
Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.
Installing WazuhPermalink to this headline
- Download and run the Wazuh installation assistant.
Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.
You now have installed and configured Wazuh.
- Access the Wazuh web interface with
https://<wazuh-dashboard-ip>and your credentials: - Username: admin
- Password: <ADMIN_PASSWORD>
When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.
Note
You can find the passwords for all the Wazuh indexer and Wazuh API users in the
wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option
-u or –-uninstall.Next stepsPermalink to this headline
Now that your Wazuh installation is ready, you can start deploying the Wazuh agent. This can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The agent is lightweight and multi-purpose, providing a variety of security capabilities.
Instructions on how to deploy the Wazuh agent can be found in the Wazuh web user interface, or in our documentation.
上一篇
redcanaryco/invoke-atomicredteam: Invoke-AtomicRedTeam is a PowerShell module to execute tests as defined in the [atomics folder] of Red Canary's Atomic Red Team project.
下一篇
Cross-Sector Cybersecurity Performance Goals | CISA
- Author:NetSec
- URL:https://blog.51sec.org/article/eef913dc-b4d2-4b47-a79a-1b9926b88156
- Copyright:All articles in this blog, except for special statements, adopt BY-NC-SA agreement. Please indicate the source!
