Wazuh is a full-featured DevSecOps platform for threat detection, cloud resource monitoring, and incident response. Wazuh collects, aggregates, and analyzes security data, helping organizations detect intrusions, behavioral anomalies, and vulnerabilities and ensure compliance with security regulations.
Attention! Important Security Notice

Attack Prevention:
Warning: This image is based on a hardened version! Behavior may differ from conventional distributions. In this image, protection against password brute-force attacks is pre-configured, and attack prevention is in place!

Firewall:
Warning: After launching the virtual machine, a setup process begins, taking the first 5-10 minutes. During this time, only port 22 is accessible, and the web interface becomes available only after the completion of this setup process.

SSH Connection:
Warning: When deploying the solution, please use the default SSH key!
- Create a service account with the compute.viewer, logging.viewer, and logging.reader roles.
- Create a log group. Save the log group ID. You'll need it later.
- Configure audit log uploads to Cloud Logging.
- Get an SSH key pair to connect to a virtual machine (VM).
- Create a VM from a public image. Under Image/boot disk selection, go to the Cloud Marketplace tab and select Wazuh. Under Access:
  - In the Service account field, select the previously created service account.
  - Enter the username in the Login field.
  - Paste the contents of the public key file in the SSH key field.
  It takes 5 to 10 minutes to set up the VM automatically.
- Connect to the VM via SSH. To do this, use the username you set when creating the VM and the private SSH key you created earlier.
- Open the wazuh.sh file:
  sudo nano /etc/profile.d/wazuh.sh
- Add the following line to the file:
  export YANDEX_LOG_GROUP_ID="<log_group_ID>"
  Where <log_group_ID> is the ID of the previously created log group.
- Unpack the wazuh-install-files.tar archive with the passwords and certificates required to access the Wazuh web interface and API:
  sudo tar -xvf /var/ossec/wazuh-install-files.tar
  The passwords and certificates are only stored on the VM.
- Open the wazuh-new-passwords.txt file:
  sudo nano wazuh-install-files/wazuh-new-passwords.txt
- In the "Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard" section, copy the values of the parameters used to access the Wazuh web interface:
  - indexer_username: The username.
  - indexer_password: The password.
- Open https://<VM_public_IP_address>/ in your browser and log in with the credentials you obtained earlier.
- To activate Wazuh, obtain the ID of the folder in which the VM is located and send it to support@opennix.ru.
Warning: If desired, you can modify the iptables settings in the /etc/iptables/rules.v4 file.
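The two hand-edited steps above (setting the log group ID in /etc/profile.d/wazuh.sh and copying the indexer credentials out of wazuh-new-passwords.txt) as an added POSIX shell helper; this is not part of the OpenNix image or of Wazuh. It assumes the passwords file keeps the upstream "  key: 'value'" layout under "# ..." section comments, and the sample file and log group ID it uses are constructed placeholders.

```shell
#!/bin/sh
# Added helper, not part of the OpenNix image or of Wazuh. Assumes the passwords
# file uses the upstream "  key: 'value'" layout under "# ..." section comments.

# Write or replace the YANDEX_LOG_GROUP_ID export in a profile.d file, so that
# re-running the step never leaves two conflicting exports behind.
set_log_group_id() {
    file="$1"; group_id="$2"
    # Reject IDs that would break out of the double-quoted assignment.
    case "$group_id" in
        ""|*[!A-Za-z0-9_-]*) echo "invalid log group ID: $group_id" >&2; return 1 ;;
    esac
    if [ -f "$file" ]; then
        grep -v '^export YANDEX_LOG_GROUP_ID=' "$file" > "$file.tmp" || true
        mv "$file.tmp" "$file"
    fi
    printf 'export YANDEX_LOG_GROUP_ID="%s"\n' "$group_id" >> "$file"
}

# Print "<indexer_username> <indexer_password>" from the unpacked passwords file,
# taking only the dashboard-admin block and ignoring other indexer_* entries.
indexer_credentials() {
    awk -F': ' '
        /^# Admin user for the web user interface and Wazuh indexer/ { inblock = 1; next }
        /^#/ { inblock = 0 }
        inblock && $1 ~ /indexer_(username|password)/ {
            v = $2; gsub(/^'\''|'\''$/, "", v); printf "%s%s", sep, v; sep = " "
        }
        END { print "" }
    ' "$1"
}

# Constructed sample in the upstream layout; the values are placeholders.
sample_passwords_file() {
    cat > "$1" <<'EOF'
# Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard
  indexer_username: 'admin'
  indexer_password: 'EXAMPLE-placeholder-password'

# Wazuh dashboard user for establishing the connection with Wazuh indexer
  indexer_username: 'kibanaserver'
  indexer_password: 'EXAMPLE-other-placeholder'
EOF
}

# Demo on the sample; on the VM point these at /etc/profile.d/wazuh.sh and
# wazuh-install-files/wazuh-new-passwords.txt instead.
demo_dir=$(mktemp -d)
sample_passwords_file "$demo_dir/wazuh-new-passwords.txt"
set_log_group_id "$demo_dir/wazuh.sh" "EXAMPLE-log-group-id"
indexer_credentials "$demo_dir/wazuh-new-passwords.txt"
cat "$demo_dir/wazuh.sh"
```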
Tariffs

| Product | Pay as you go | Best price |
| --- | --- | --- |
| Wazuh, 1 year per instance | RUB 18/hour | RUB 155,000 / 365 days, prepaid |
- Analyzing the security of cloud resources, including containers.
- Detecting intrusions.
- Identifying vulnerabilities.
- Analyzing logs.
- Monitoring files.
- Evaluating the system configuration.
- Responding to security incidents.
- Performing security compliance checks.
OpenNix provides technical support to Wazuh users in Yandex Cloud. You can contact technical support by email at support@opennix.ru. Support engineers are available from 9:00 to 18:00 (UTC+3) during business days.