Virtual Machine (OVA)

Wazuh provides a pre-built virtual machine image (OVA) that you can import directly into VirtualBox or any other OVA-compatible virtualization system.


This VM only runs on 64-bit systems and is not recommended for use in production environments. It is a useful tool for proof-of-concepts and labs. Multi-tier servers and multi-node clusters are generally more suitable for production environments where higher performance is required.

Download the virtual appliance (OVA) which contains the following components:

  • CentOS 7

  • Wazuh manager: 4.0.4

  • Open Distro for Elasticsearch: 7.9.1

  • Filebeat-OSS: 7.9.1

  • Kibana: 7.9.1

  • Wazuh Kibana plugin: 4.0.4-7.9.1

First, import the OVA into the virtualization platform and run the virtual machine. The password for the root user is wazuh, and the username and password for the Wazuh API are wazuh-wui/wazuh-wui.

To access the web interface:

URL: https://<wazuh_server_ip>
user: admin
password: admin

All components included in this virtual image are configured to work out of the box without the need to modify any settings. However, all components can be fully customized. The configuration files are located at:

  • Wazuh manager: /var/ossec/etc/ossec.conf

  • Open Distro for Elasticsearch: /etc/elasticsearch/elasticsearch.yml

  • Filebeat-OSS: /etc/filebeat/filebeat.yml

  • Kibana: /etc/kibana/kibana.yml

When using VirtualBox, the imported virtual machine may run into issues caused by time skew when VirtualBox synchronizes the time of the guest machine. To avoid this situation, enable the Hardware Clock in UTC Time option in the System tab of the virtual machine configuration.


By default, the network interface type is bridge. The VM will attempt to obtain an IP address from the network DHCP server. Alternatively, a static IP address can be set by configuring the appropriate network files in the CentOS operating system on which the VM is based.
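One way to confirm from the host that an imported VM has the two VirtualBox settings described above (hardware clock in UTC, bridged network interface). This is an added example, not part of the Wazuh documentation. It reads the output of VBoxManage showvminfo --machinereadable; the VM name wazuh-lab, the adapter eth0 and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an imported VM against the VirtualBox settings
# discussed above. Input is the text printed by
#   VBoxManage showvminfo "<vm-name>" --machinereadable

# Print the value of one key from a saved machine-readable info file.
vm_setting() {  # usage: vm_setting <info-file> <key>
    awk -F= -v k="$2" '$1 == k { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Return 0 only when the clock is in UTC and nic1 is bridged.
audit_vm() {  # usage: audit_vm <info-file>
    rc=0
    rtc=$(vm_setting "$1" rtcuseutc)
    nic=$(vm_setting "$1" nic1)
    if [ "$rtc" = "on" ]; then
        echo "OK   hardware clock in UTC"
    else
        echo "FAIL rtcuseutc=${rtc:-unset}; fix: VBoxManage modifyvm <vm> --rtcuseutc on"
        rc=1
    fi
    if [ "$nic" = "bridged" ]; then
        echo "OK   nic1 bridged via $(vm_setting "$1" bridgeadapter1)"
    else
        echo "FAIL nic1=${nic:-unset}; the appliance default is bridged"
        rc=1
    fi
    return $rc
}

# Constructed sample (not captured from a real host): a VM still on the
# local-time RTC setting, with the default bridged interface.
sample_info() {
    cat <<'EOF'
name="wazuh-lab"
rtcuseutc="off"
nic1="bridged"
bridgeadapter1="eth0"
EOF
}

# Live use: sh audit.sh "<vm-name>" (requires VBoxManage on the host).
if [ -n "${1:-}" ]; then
    tmp=$(mktemp)
    VBoxManage showvminfo "$1" --machinereadable > "$tmp"
    audit_vm "$tmp"; status=$?
    rm -f "$tmp"
    exit $status
fi
```

Run without arguments the script only defines the functions; `sample_info > /tmp/info && audit_vm /tmp/info` shows the failing clock check on the constructed sample.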

Once the virtual machine is imported and running, the next step is to deploy the Wazuh agents on the systems to be monitored.

Upgrading the VM

The virtual machine can be upgraded as a traditional installation: