By default, the communications between the Wazuh Kibana App and the Wazuh API are not encrypted. It is highly recommended that you secure the Wazuh API by following the steps below:
In order to enable HTTPS, you can generate your own certificate or generate it automatically by using the script
This script allows you to change the port used by the Wazuh API to handle the incoming HTTP requests. The port 55000 is used by default.
Change the default credentials:
configure_api.shscript allows you to change the API’s user. If you did not use the script you can still change it as follows:# cd /var/ossec/api/configuration/auth # node htpasswd -Bc -C 10 user myUserName
By default, you can access the Wazuh API by typing user “foo” and password “bar”.
You will then need to restart the
wazuh-manager services for the change to take effect.
Bind to localhost:
If you do not need to access to the API externally, you should bind the API to
localhostusing the option
config.hostin the configuration file