Marketplace

Wazuh Yandex Cloud

Updated September 24, 2024

Wazuh is a full-featured DevSecOps platform for threat detection, cloud resource monitoring, and incident response. Wazuh collects, aggregates, and analyzes security data, helping organizations detect intrusions, behavioral anomalies, and vulnerabilities and ensure compliance with security regulations.

Deployment instructions

Attention! Important Security Notice

Attack Prevention:

Warning

This image is based on a hardened version!
Behavior may differ from conventional distributions.
In this image, protection against password brute-force attacks is pre-configured, and attack prevention is in place!

Firewall:

Warning

After launching the virtual machine, a setup process begins, taking the first 5-10 minutes. During this time, only port 22 is accessible, and the web interface becomes available only after the completion of this setup process.

SSH Connection:

Warning

When deploying the solution, please use the default SSH key!

  1. Create a service account with the compute.viewer, logging.viewer, and logging.reader roles.

  2. Create a log group. Save the log group ID. You’ll need it later.

  3. Configure audit logs uploads to Cloud Logging.

  4. Get an SSH key pair to connect to a virtual machine (VM).

  5. Create a VM from a public image. Under Image/boot disk selection, go to the Cloud Marketplace tab and select Wazuh. Under Access:

    • In the Service account field, select the previously created service account.
    • Enter the username in the Login field.
    • Paste the contents of the public key file in the SSH key field.

    It takes 5 to 10 minutes to set up the VM automatically.

  6. Connect to the VM via SSH. To do this, use the username you set when creating the VM and the private SSH key you created earlier.

  7. Open the file wazuh.sh:

    sudo nano /etc/profile.d/wazuh.sh
    
  8. Add the following line to the file:

    export YANDEX_LOG_GROUP_ID="<log_group_ID>"
    

    Where YANDEX_LOG_GROUP_ID is the ID of the previously created log group.

  9. Unpack the wazuh-install-files.tar archive with passwords and certificates required to access the Wazuh web interface and API:

    sudo tar -xvf /var/ossec/wazuh-install-files.tar
    

    The passwords and certificates are only stored on the VM.

  10. Open the file wazuh-new-passwords.txt:

    sudo nano wazuh-install-files/wazuh-new-passwords.txt
    
  11. In the Admin user for the web user interface and Wazuh indexer. Use this user to log in to Wazuh dashboard section, copy the values of the parameters to access the Wazuh web interface:

    • indexer_username: The username.
    • indexer_password: The password.
  12. Open https://<VM_public_IP_address>/ in your browser and log in with the credentials you obtained earlier.

  13. To activate Wazuh, obtain the ID of the folder in which the VM is located and send it to support@opennix.ru.

Warning

If desired, you can modify the iptables settings in the /etc/iptables/rules.v4 file.

Tariffs

Hourly (pay as you go)

RUB 20/hour
Pay as you go
Pay as you go
RUB 20/hour

Wazuh 1 year per instance

RUB 18/hour
Best price
RUB 155,000 / 365 days
Prepaid
Best price
RUB 155,000 / 365 days
Prepaid
RUB 18/hour
Try it for free or with a discount

from RUB 32 /
per hour

The usage cost for the product and required resources within the default configuration 
Billing type
Hourly (Pay as you go)
Type
Virtual Machine
Category
Security
Publisher
OpenNix Cloud security
Use cases
  • Analyzing the security of cloud resources, including containers.
  • Detecting intrusions.
  • Identifying vulnerabilities.
  • Analyzing logs.
  • Monitoring files.
  • Evaluating the system configuration.
  • Responding to security incidents.
  • Performing security compliance checks.
Technical support

OpenNix provides technical support to Wazuh users in Yandex Cloud. You can contact technical support by email at support@opennix.ru. Support engineers are available from 9:00 to 18:00 (UTC+3) during business days.

Product IDs
image_id:
fd8ofcg4c5v07fqj8em0
family_id:
opennix-wazuh
Product composition
SoftwareVersion
ubuntu20.04
Wazuhv4.3.11
Yandex modulesv1.2.0
Yara3.9.0-1
Terms
By using this product you agree to the Yandex Cloud Marketplace Terms of Service and the terms and conditions of the following software: EULAUbuntu

Tariffs

Hourly (pay as you go)

RUB 20/hour
Pay as you go
Pay as you go
RUB 20/hour

Wazuh 1 year per instance

RUB 18/hour
Best price
RUB 155,000 / 365 days
Prepaid
Best price
RUB 155,000 / 365 days
Prepaid
RUB 18/hour
Try it for free or with a discount

from RUB 32 /
per hour

The usage cost for the product and required resources within the default configuration 
Billing type
Hourly (Pay as you go)
Type
Virtual Machine
Category
Security
Publisher
OpenNix Cloud security