Wazuh - Open Source XDR. Open Source SIEM

Start protecting your systems by installing Wazuh, a platform composed of a single universal agent and three central components.

Wazuh central components

The Wazuh indexer is a highly scalable, full-text search and analytics engine.
This central component indexes and stores alerts generated by the Wazuh server.

The Wazuh server analyzes data received from the agents and processes it using threat intelligence.
A single server can analyze data from thousands of agents, and scale when set up as a cluster. It is also used to manage the agents, configuring them remotely when necessary.

The Wazuh dashboard is the web user interface for data visualization, analysis, and management.
It includes dashboards for regulatory compliance, vulnerabilities, file integrity, configuration assessment, and cloud infrastructure events, among others.

Requirements (central components):

  • Ubuntu 16.04–24.04 (64-bit)
  • x86_64/ARM64
  • CPU 4vCPU, RAM 8GB, Storage 50GB

Install Wazuh central components:

curl -sO https://packages.wazuh.com/4.13/wazuh-install.sh && sudo bash ./wazuh-install.sh -o -p 1337 -a

Flags explained:

  • -o → replace existing config/data
  • -p 1337 → set Dashboard/API port
  • -a → install & configure Server, Indexer, Dashboard

Disable auto-updates:

sudo sed -i "s/^deb /#deb /" /etc/apt/sources.list.d/wazuh.list
sudo apt update

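Commenting out the Wazuh repository keeps apt from upgrading the Wazuh packages unexpectedly. Re-enable it when you plan an upgrade, because security fixes are held back as well while it is disabled.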

Access Dashboard: https://<SERVER_IP>:1337

  • Username: admin
  • Password: shown during install

01/10/2025 13:37:00 INFO: You can access the web interface https://<wazuh-dashboard-ip>:1337
User: admin
Password: S0LH************************wPxX
01/10/2025 13:37:00 INFO: Installation finished.

https://13.37.0.1:1337/app/login?nextUrl=%2Fapp%2Fwz-home

The installer sets the dashboard up with a self-signed certificate, so browser SSL warnings are normal in lab/internal setups.

Retrieve API/Indexer credentials:

sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

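This prints the usernames and passwords for the Wazuh API, Indexer, and Dashboard. The archive holds them in clear text, so keep wazuh-install-files.tar readable by root only.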

To uninstall the Wazuh central components, run the Wazuh installation assistant with the -u option: sudo bash ./wazuh-install.sh -u. If the script is no longer on disk, download it again first: curl -sO https://packages.wazuh.com/4.13/wazuh-install.sh && sudo bash ./wazuh-install.sh -u.

Single universal agent

Wazuh agents are installed on endpoints such as laptops, desktops, servers, cloud instances, or virtual machines. They provide threat prevention, detection, and response capabilities.

Requirements (agent):

  • Ubuntu/Debian Linux (64-bit)
  • Root privileges
  • Network connectivity to Wazuh server

Install Wazuh agent:

wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.13.1-1_amd64.deb && sudo WAZUH_MANAGER='13.37.0.1' WAZUH_AGENT_NAME='1337rokudenashi' dpkg -i ./wazuh-agent_4.13.1-1_amd64.deb

Flags explained:

  • WAZUH_MANAGER='13.37.0.1' → Wazuh server address
  • WAZUH_AGENT_NAME='1337rokudenashi' → Unique agent ID

Enable and start the agent:

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

With the agent active, your infrastructure stays connected, reporting logs, threats, and compliance data without missing a beat.
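
A post-install check for two steps on this page, added here as an example and not part of the original post: on the server it confirms the Wazuh apt repository really is commented out, and on an endpoint it confirms the agent configuration points at the intended manager. The function names are hypothetical, and the default paths (/etc/apt/sources.list.d/wazuh.list and /var/ossec/etc/ossec.conf) assume a standard Debian/Ubuntu install.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical;
# default paths assume a standard Wazuh install on Debian/Ubuntu.

# Return 0 if the apt source file has no active "deb" line left,
# 1 if the repository is still enabled, 2 if the file cannot be read.
wazuh_repo_disabled() {
    local list="${1:-/etc/apt/sources.list.d/wazuh.list}"
    [ -r "$list" ] || return 2
    if grep -Eq '^[[:space:]]*deb[[:space:]]' "$list"; then return 1; fi
    return 0
}

# Print every <address> value found in the agent configuration.
agent_manager_addresses() {
    local conf="${1:-/var/ossec/etc/ossec.conf}"
    sed -n 's:.*<address>\([^<]*\)</address>.*:\1:p' "$conf"
}

# Return 0 only if the agent reports to exactly one manager and it is the
# expected one. A leftover placeholder or a second address fails the check.
agent_points_to() {
    local expected="$1" conf="${2:-/var/ossec/etc/ossec.conf}" found
    found="$(agent_manager_addresses "$conf")"
    [ -n "$expected" ] && [ "$found" = "$expected" ]
}

# Usage: wazuh_check server [LIST]   |   wazuh_check agent MANAGER [CONF]
wazuh_check() {
    case "$1" in
        server)
            if wazuh_repo_disabled "$2"; then echo "OK   Wazuh apt repo disabled"
            else echo "FAIL Wazuh apt repo enabled or unreadable"; return 1; fi ;;
        agent)
            if agent_points_to "$2" "$3"; then echo "OK   agent reports to $2"
            else
                echo "FAIL agent manager is: $(agent_manager_addresses "$3" | tr '\n' ' ')"
                return 1
            fi ;;
        *)
            echo "usage: wazuh_check server [LIST] | agent MANAGER [CONF]" >&2
            return 64 ;;
    esac
}
```

Source the file, then run `wazuh_check server` on the Wazuh server and `wazuh_check agent 13.37.0.1` on each endpoint.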


https://1337rokudenashi.github.io/550e8400-e29b-41d4-a716-446655440000/
Author: 1337rokudenashi
Posted on: October 1, 2025
Licensed under