Wazuh

In this article

• Wazuh. Main Features
• Deployment Features
• Getting started after deploying Wazuh
• Obtaining Credentials and Logging into the Web Panel
• Wazuh Dashboard Startup Screen
• Ordering a server with Wazuh using the API

Note

Wazuh is a comprehensive open-source platform for security monitoring and threat detection. It provides a centralized solution for security analysis, including intrusion detection, file integrity monitoring, and compliance with regulatory requirements. The platform is built on a modular architecture and supports scalability, enabling protection for both small organizations and large enterprises.

Wazuh. Main Features

• Intrusion Detection - Monitoring of system and network events to identify suspicious activity and cyberattacks.
• File Integrity Monitoring - Tracking changes in critical files and directories to prevent unauthorized modifications.
• Event Log Analysis - Centralized collection and analysis of logs from various sources using correlation rules to detect threats.
• Malware Detection - Scanning systems for malicious software using signature-based and behavioral analysis.
• Vulnerability Assessment - Continuous analysis of installed software for known vulnerabilities.
• Compliance Control - Checking systems against security standards (PCI DSS, GDPR, HIPAA, NIST, etc.).
• Cloud Security - Monitoring and protecting resources in public cloud environments (AWS, Azure, Google Cloud).
• Integration and Response - Interaction with external security systems and automation of incident response processes.

Deployment Features

ID	Compatible OS	VM	BM	VGPU	GPU	Min CPU (Cores)	Min RAM (Gb)	Min HDD/SDD (Gb)	Active
283	Ubuntu 22.04	+	+	+	+	2	4	10	Yes

• Installation is possible on Ubuntu 22.04;
• Setup time is 30-60 minutes including the OS installation;
• Complete installation of Wazuh Server + Indexer + Dashboard;
• Wazuh Dashboard accessible through port 8080 with a secure HTTPS connection;
• Automatic cluster health check after installation;
• Administrator credentials are automatically generated during installation;
• Wazuh configuration files stored in the /var/ossec directory;
• Components of Wazuh Dashboard located in /usr/share/wazuh-dashboard;
• Installation scripts files found in the /opt/wazuh directory;
• Administrator password stored in the file /opt/wazuh/password in the format admin:password;
• Path to installation archives: /opt/wazuh/wazuh-install-files.tar.

For Wazuh to function correctly, the following minimum system resources are required:

• Processor: at least 2 CPU cores;
• RAM: at least 4 GB;
• Disk Space: recommended from 50 GB SSD/HDD:
• The volume may increase depending on the number of agents and event intensity;
• For production environments with many agents, it is recommended to have 100 GB or more.

Note

These requirements are for a basic Wazuh installation with a small number of agents. Larger environments may require more powerful hardware.

Note

Unless otherwise specified, we install the latest release version of the software from the developer's website or operating system repositories by default.

Getting started after deploying Wazuh

After payment of the order, a notification of the server's readiness for operation will be sent to the e-mail address specified during registration. It will contain the IP address of the VPS, as well as the login and password for connection. Clients of our company manage the equipment in the server control panel and API - Invapi.

Here you can also find the credentials, which can be found either in the Info >> Tags tab of the server control panel or in the email sent to you:

• Link to access the Wazuh webpanel: in the webpanel tag;
• Login: root - for managing the server, admin - for logging into the Wazuh web interface;
• Password for server management: Sent to your email address after the server is ready for use following software deployment.

Obtaining Credentials and Logging into the Web Panel

To access the Wazuh web control panel, you need to obtain administrator credentials generated automatically during installation. These details are not manually set and cannot be known in advance; to retrieve them, follow these steps:

1. Connect to the server via SSH as an administrator:

   ssh root@<IP of the server>
   

2. Check the file with saved credentials:

   cat /opt/wazuh/password
   

   The data will be in the format admin:password:

Changing Credentials

After initial login, it is recommended to change the administrator's default password for enhanced security:

1. Click on the profile icon "a" in the top-right corner of the interface.

2. In the dropdown menu, select Reset password:

   

3. On the opened page, you need to:

   • Enter the current password in the field Current password;
   • Enter a new password in the field New password, adhering to security requirements:
   • At least 8 characters;
   • At least one uppercase letter;
   • At least one lowercase letter;
   • At least one digit;
   • At least one special character.
   • Re-enter the new password in the field Re-enter new password.

   

4. Click the Reset button to save changes.

Note

After changing the password through the web interface, the new credentials will not be automatically updated in the file /opt/wazuh/password.

Wazuh Dashboard Startup Screen

After successful login, you'll reach the Wazuh Dashboard startup screen, providing an overview of the security system status:

Upon successful login, you'll arrive at the Wazuh Dashboard startup screen, offering a view of the security system's status. The main interface elements include:

• Agent Summary — displays the number of registered Wazuh agents. Upon first login, it shows the message "This instance has no agents registered" and a button Deploy new agent to add new monitoring objects.
• Last 24 Hours Alerts — shows the count of alerts across four categories: Critical severity (level 15+), High severity (level 12-14), Medium severity (level 7-11), and Low severity (level 0-6).
• Endpoint Security — includes modules like Configuration Assessment for configuration audits, Malware Detection for identifying malicious software, and File Integrity Monitoring to track file changes.
• Threat Intelligence — offers tools for Threat Hunting to analyze security alerts, Vulnerability Detection for uncovering vulnerabilities, and MITRE ATT&CK for matching incidents with known adversary tactics.
• Security Operations — contains modules for compliance with various security standards, including PCI DSS, GDPR, HIPAA, NIST 800-53, and TSC.
• Cloud Security — allows monitoring of various cloud services and containers, including Docker, Amazon Web Services, Google Cloud, GitHub, and Office 365.

Ordering a server with Wazuh using the API

To install this software using the API, follow these instructions

---

Some of the content on this page was created or translated using AI.