wazuh / Wazuh Docker

Licence: other
Wazuh - Docker containers

Wazuh containers for Docker

In this repository you will find the containers to run:

  • wazuh-opendistro: runs the Wazuh manager, the Wazuh API and Filebeat OSS (for integration with ODFE).
  • wazuh-kibana-opendistro: provides a web user interface to browse the alert data. It includes the Wazuh plugin for Kibana, which lets you visualize agent configuration and status.
  • opendistro-for-elasticsearch: an Elasticsearch (ODFE) container, running as a single-node cluster and built from the ODFE Docker images. Be sure to increase the vm.max_map_count setting, as detailed in the Wazuh documentation.

In addition, a docker-compose file is provided to launch the containers mentioned above.

  • Elasticsearch cluster. The Elasticsearch Dockerfile exposes the variables used to configure an Elasticsearch cluster; the config_cluster.sh script reads them and writes them into the elasticsearch.yml configuration file. The meaning of the node variables and of the other cluster settings is described in the Elasticsearch reference documentation.

Documentation

Setup SSL certificate and Basic Authentication

Before starting the environment you must provide an SSL certificate (or generate a self-signed one) and set up basic authentication.

Documentation on how to provide both can be found in nginx_conf/README.md.

Environment Variables

Default values are included when available.

Wazuh

API_USERNAME="wazuh"                                # Wazuh API username
API_PASSWORD="wazuh"                                # Wazuh API password - Must comply with requirements
                                                    # (8+ length, uppercase, lowercase, specials chars)

ELASTICSEARCH_URL=https://elasticsearch:9200        # Elasticsearch URL
ELASTIC_USERNAME=admin                              # Elasticsearch Username
ELASTIC_PASSWORD=admin                              # Elasticsearch Password
FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
SSL_KEY=""                                          # Path of Filebeat SSL Key

Kibana

PATTERN="wazuh-alerts-*"        # Default index pattern to use

CHECKS_PATTERN=true             # Defines which checks the healthcheck step must consider
CHECKS_TEMPLATE=true            # once the Wazuh app starts. Values must be true or false
CHECKS_API=true
CHECKS_SETUP=true

EXTENSIONS_PCI=true             # Enable PCI Extension
EXTENSIONS_GDPR=true            # Enable GDPR Extension
EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
EXTENSIONS_NIST=true            # Enable NIST Extension
EXTENSIONS_TSC=true             # Enable TSC Extension
EXTENSIONS_AUDIT=true           # Enable Audit Extension
EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
EXTENSIONS_AWS=false            # Enable AWS Extension
EXTENSIONS_GCP=false            # Enable GCP Extension
EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
EXTENSIONS_DOCKER=false         # Enable Docker Extension

APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests

API_SELECTOR=true               # Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
IP_SELECTOR=true                # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu
IP_IGNORE="[]"                  # List of index patterns to be ignored

WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
WAZUH_MONITORING_REPLICAS=0         #

ADMIN_PRIVILEGES=true               # App privileges
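As an added example (not part of the wazuh-docker project), a pre-flight check that reads the variables documented in the two blocks above and flags the settings that weaken a deployment before the containers are started: the documented default credentials left in place, an API password that misses the stated complexity rule, a plaintext ELASTICSEARCH_URL, FILEBEAT_SSL_VERIFICATION_MODE=none, and CHECKS_* values that are not true or false. The sample environment is constructed.

```python
"""Pre-flight check for the wazuh-docker environment variables (added example, constructed sample)."""
import re

# Constructed sample: the documented defaults copied unchanged, plus two weak choices.
SAMPLE_ENV = {
    "API_USERNAME": "wazuh",
    "API_PASSWORD": "wazuh",
    "ELASTICSEARCH_URL": "http://elasticsearch:9200",
    "ELASTIC_USERNAME": "admin",
    "ELASTIC_PASSWORD": "admin",
    "FILEBEAT_SSL_VERIFICATION_MODE": "none",
    "CHECKS_API": "yes",
}

# Documented default credentials that must not reach production.
DEFAULT_CREDENTIALS = {
    ("API_USERNAME", "API_PASSWORD"): ("wazuh", "wazuh"),
    ("ELASTIC_USERNAME", "ELASTIC_PASSWORD"): ("admin", "admin"),
}
BOOLEAN_VARS = ("CHECKS_PATTERN", "CHECKS_TEMPLATE", "CHECKS_API", "CHECKS_SETUP")


def password_meets_policy(pw):
    """API password rule from the README: 8+ chars with upper, lower and special chars."""
    return (len(pw) >= 8 and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)


def check_env(env):
    """Return the list of findings; an empty list means the environment passes."""
    findings = []
    for (user_key, pw_key), (def_user, def_pw) in DEFAULT_CREDENTIALS.items():
        if env.get(user_key) == def_user and env.get(pw_key) == def_pw:
            findings.append(f"{user_key}/{pw_key}: default credentials still in use")
    if not password_meets_policy(env.get("API_PASSWORD", "")):
        findings.append("API_PASSWORD: does not meet the documented complexity policy")
    if env.get("ELASTICSEARCH_URL", "https://elasticsearch:9200").startswith("http://"):
        findings.append("ELASTICSEARCH_URL: plaintext HTTP, credentials and alerts travel unencrypted")
    mode = env.get("FILEBEAT_SSL_VERIFICATION_MODE", "full")
    if mode not in ("full", "none"):
        findings.append(f"FILEBEAT_SSL_VERIFICATION_MODE: unknown value {mode!r}")
    elif mode == "none":
        findings.append("FILEBEAT_SSL_VERIFICATION_MODE=none: Elasticsearch certificate is not verified")
    for var in BOOLEAN_VARS:
        if env.get(var, "true") not in ("true", "false"):
            findings.append(f"{var}: must be 'true' or 'false'")
    return findings
```

Run it against the values in your .env or docker-compose environment section; a non-empty list is a reason not to bring the stack up yet.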

Directory structure

├── CHANGELOG.md
├── docker-compose.yml
├── generate-opendistro-certs.yml
├── kibana-odfe
│   ├── config
│   │   ├── custom_welcome
│   │   │   ├── light_theme.style.css
│   │   │   ├── template.js.hbs
│   │   │   ├── wazuh_logo_circle.svg
│   │   │   └── wazuh_wazuh_bg.svg
│   │   ├── entrypoint.sh
│   │   ├── kibana_settings.sh
│   │   ├── wazuh_app_config.sh
│   │   ├── wazuh.yml
│   │   └── welcome_wazuh.sh
│   └── Dockerfile
├── LICENSE
├── production_cluster
│   ├── elastic_opendistro
│   │   ├── elasticsearch-node1.yml
│   │   ├── elasticsearch-node2.yml
│   │   ├── elasticsearch-node3.yml
│   │   └── internal_users.yml
│   ├── kibana_ssl
│   │   └── generate-self-signed-cert.sh
│   ├── nginx
│   │   ├── nginx.conf
│   │   └── ssl
│   │       └── generate-self-signed-cert.sh
│   ├── ssl_certs
│   │   └── certs.yml
│   └── wazuh_cluster
│       ├── wazuh_manager.conf
│       └── wazuh_worker.conf
├── production-cluster.yml
├── README.md
├── VERSION
└── wazuh-odfe
    ├── config
    │   ├── create_user.py
    │   ├── etc
    │   │   ├── cont-init.d
    │   │   │   ├── 0-wazuh-init
    │   │   │   ├── 1-config-filebeat
    │   │   │   └── 2-manager
    │   │   └── services.d
    │   │       └── filebeat
    │   │           ├── finish
    │   │           └── run
    │   ├── filebeat.yml
    │   ├── permanent_data.env
    │   ├── permanent_data.sh
    │   └── wazuh.repo
    └── Dockerfile

Branches

  • 4.0 branch corresponds to the latest Wazuh-Docker stable version.
  • master branch contains the latest code; be aware of possible bugs on this branch.
  • Wazuh.Version branch (for example 3.13.1_7.8.0 or 4.1.0). This branch contains the current release referenced in Docker Hub; the container images are built from the current version of this branch.

Compatibility Matrix

Wazuh version   ODFE     XPACK
-------------   ------   ------
v4.1.1          1.12.0   7.10.2
v4.1.0          1.12.0   7.10.2
v4.0.4          1.11.0
v4.0.3          1.11.0
v4.0.2          1.11.0
v4.0.1          1.11.0
v4.0.0          1.10.1

Credits and Thank you

These Docker containers are based on:

We thank them and everyone else who has contributed to this project.

License and copyright

Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)

Web references

Wazuh website
