Setup Wazuh XDR on Ubuntu in Azure/AWS/GCP

Set up and install Wazuh on Ubuntu. Wazuh is an open-source security platform that provides unified SIEM (Security Information and Event Management), XDR (Extended Detection and Response), and compliance monitoring across hybrid and cloud environments. It collects and analyzes security events from endpoints, cloud workloads, and infrastructure in real time. Wazuh helps organizations detect threats, investigate incidents, and meet compliance requirements such as GDPR, HIPAA, PCI DSS, and CIS benchmarks. With built-in modules for file integrity monitoring, vulnerability detection, malware detection, log analysis, and intrusion detection, Wazuh gives IT and security teams full visibility into the security posture of their environment, all within a customizable and scalable architecture.

Wazuh on Azure


Deploy Wazuh on Ubuntu 24.04 in Azure

Wazuh on AWS

Coming soon..

Wazuh on GCP

Coming soon..


Getting Started with Wazuh XDR - Open Source Security Platform

Once your Wazuh server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using Wazuh.

Check Wazuh Services

Once logged in, the first step is to confirm that all the required Wazuh services are running and active:

    sudo systemctl status wazuh-manager
    sudo systemctl status wazuh-indexer
    sudo systemctl status wazuh-dashboard

If you need to start any services, the commands are:

    sudo systemctl start wazuh-manager
    sudo systemctl start wazuh-indexer
    sudo systemctl start wazuh-dashboard

Initialize OpenSearch Security Plugin for Wazuh Indexer

Next, initialize the Wazuh Indexer by running the following script, which covers:

  1. Certificates creation
  2. Nodes installation
  3. Cluster initialization

    sudo /usr/share/wazuh-indexer/bin/indexer-security-init.sh

Login to Wazuh Dashboard

To log in to the Wazuh dashboard, open a web browser and go to the private or public IP address of your VM, for example:

    https://<public-ip>

  • Accept the self-signed SSL certificate warning.

Use the following credentials to log in:

    User: admin
    Password: 1T5iigvRsxNnyCH76p8b.??ZY6uHTvCA

It's recommended to change this default password under profile settings as soon as you've logged in, since it is published on this page.


Wazuh Dashboard Certificates

To get rid of the certificate warnings on your Wazuh dashboard you can install your own certificate. Instructions for doing this can be found on the following link:

 

https://documentation.wazuh.com/current/user-manual/wazuh-dashboard/configuring-third-party-certs/ssl.html

Wazuh Firewall Ports

The following ports are required for Wazuh to function:

 

  • TCP 80
  • TCP 443
  • TCP/UDP 1514
  • TCP 1515 
  • TCP 55000

 

Full list of ports and architecture can be found on: https://documentation.wazuh.com/current/getting-started/architecture.html
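
As an added example (not part of the original guide), the following script checks `ss -tuln` output against the ports listed above: it reports required ports with no listener, and non-loopback listeners that are outside the list. The function names and the sample output are constructed for illustration, and `ss` from iproute2 is assumed to be installed on the server.

```shell
#!/bin/sh
# Added example (not from the original page): audit listening sockets against
# the port list above. Function names and the sample are illustrative.
REQUIRED="tcp/80 tcp/443 tcp/1514 udp/1514 tcp/1515 tcp/55000"

# Constructed sample of `ss -tuln` output, not captured from a real host.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1514       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1514       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1515       0.0.0.0:*
tcp   LISTEN 0      128    [::]:55000         [::]:*
tcp   LISTEN 0      4096   127.0.0.1:9200     0.0.0.0:*'

# Read `ss -tuln` text on stdin; print "proto/port bind-address" per socket.
listening_ports() {
  awk '$1 == "tcp" || $1 == "udp" {
         n = split($5, a, ":")   # port is the last colon-separated piece
         print $1 "/" a[n], substr($5, 1, length($5) - length(a[n]) - 1)
       }'
}

# Required proto/port pairs that have no listener.
missing_ports() {
  have=$(listening_ports | cut -d" " -f1)
  for p in $REQUIRED; do
    printf '%s\n' "$have" | grep -Fqx "$p" || echo "$p"
  done
}

# Listeners on non-loopback addresses that are not in REQUIRED.
unexpected_exposed() {
  listening_ports | while read -r p addr; do
    case "$addr" in 127.*|"[::1]") continue ;; esac
    case " $REQUIRED " in *" $p "*) ;; *) echo "$p $addr" ;; esac
  done
}

# Demo on the sample; on the server use: ss -tuln | missing_ports
echo "missing:    $(printf '%s\n' "$SAMPLE_SS" | missing_ports)"
echo "unexpected: $(printf '%s\n' "$SAMPLE_SS" | unexpected_exposed)"
```

A port reported as unexpected is worth reviewing against your cloud security group rules, so that only the ports you actually need are reachable from outside the VM.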

 

If you are using any of the cloud security groups and need to change or add ports, refer to the following guides:

 

To set up AWS firewall rules, refer to – AWS Security Groups

To set up Azure firewall rules, refer to – Azure Network Security Groups

To set up Google GCP firewall rules, refer to – Creating GCP Firewalls

Documentation / Support

Full documentation on using Wazuh can be found on: https://documentation.wazuh.com/current/user-manual/index.html

Disclaimer: Wazuh is licensed under the GNU General Public License v2.0 (GPLv2). This image is provided & maintained by Cloud Infrastructure Services. This solution is not affiliated with or endorsed by Wazuh. No warranty of any kind, express or implied, is included with this software. Use at your own risk; responsibility for damages (if any) to anyone resulting from the use of this software rests entirely with the user. The author is not responsible for any damage that its use could cause.
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.
