Installing Wazuh with Elastic Stack

This section guides you through installing Wazuh with Elastic Stack. The guide uses the Elastic Stack basic license option, which contains everything included in the open-source version under the Apache 2.0 license, plus additional capabilities such as Elastic Stack Security features, Kibana alerting, and others.

This guide includes instructions to install Wazuh 4.4.5 and Elastic Stack 7.17.9. For a list of compatible versions, see the Compatibility matrix and Packages list below.

Deployment types

The installation guide is divided into two independent sections: all-in-one deployment and distributed deployment, according to the chosen configuration. The installation requirements for the Wazuh server and Elastic Stack are similar to those described in the requirements section.

All-in-one deployment

Wazuh server and Elastic Stack are installed on the same host. This type of deployment is appropriate for testing and small working environments.

The following components will be installed:

  • The Wazuh server, including the Wazuh manager as a single-node cluster, and Filebeat.

  • Elastic Stack, including Elasticsearch as a single-node cluster, and Kibana, including the Wazuh Kibana plugin.

The communication is encrypted using certificates. Follow the installation guide to install and configure all the required components.

Distributed deployment

Each component is installed in a separate host as a single-node or multi-node cluster. This type of deployment allows high availability and scalability of the product and is convenient for large working environments.

Kibana can be installed on the same server as the Elasticsearch node, or on a separate one. This type of deployment is appropriate for production environments as it provides high availability and scalability of the services.

The following components will be installed:

  • The Wazuh server, including the Wazuh manager as a single-node cluster or as a multi-node cluster, and Filebeat.

  • Elastic Stack as a single-node cluster or as a multi-node cluster, and Kibana, including the Wazuh Kibana plugin, on the same host as the Elasticsearch node or on a separate one.

The communication is encrypted using certificates. Follow the installation steps guide to install all the required components.

Compatibility matrix

The following Elastic Stack versions are compatible with the Wazuh manager 4.4.5 using the Wazuh Kibana plugin:

Elastic Stack version

  • 7.10.2

  • 7.16.0–7.16.3

  • 7.17.0–7.17.9

Packages list

The following table contains the Wazuh Kibana plugin files for each version of Elastic Stack compatible with Wazuh 4.4.5:

Kibana version    Package
7.10.2            wazuh_kibana-4.4.5_7.10.2.zip (sha512)
7.16.0            wazuh_kibana-4.4.5_7.16.0.zip (sha512)
7.16.1            wazuh_kibana-4.4.5_7.16.1.zip (sha512)
7.16.2            wazuh_kibana-4.4.5_7.16.2.zip (sha512)
7.16.3            wazuh_kibana-4.4.5_7.16.3.zip (sha512)
7.17.0            wazuh_kibana-4.4.5_7.17.0.zip (sha512)
7.17.1            wazuh_kibana-4.4.5_7.17.1.zip (sha512)
7.17.2            wazuh_kibana-4.4.5_7.17.2.zip (sha512)
7.17.3            wazuh_kibana-4.4.5_7.17.3.zip (sha512)
7.17.4            wazuh_kibana-4.4.5_7.17.4.zip (sha512)
7.17.5            wazuh_kibana-4.4.5_7.17.5.zip (sha512)
7.17.6            wazuh_kibana-4.4.5_7.17.6.zip (sha512)
7.17.7            wazuh_kibana-4.4.5_7.17.7.zip (sha512)
7.17.8            wazuh_kibana-4.4.5_7.17.8.zip (sha512)
7.17.9            wazuh_kibana-4.4.5_7.17.9.zip (sha512)

For a full list of the available Wazuh Kibana plugin packages, check the Wazuh Kibana plugin compatibility matrix.
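
An added example, not part of the Wazuh documentation: the shell functions below check a Kibana version against the compatibility matrix on this page, derive the matching package file name, and verify a downloaded file against its sha512 file. The function names are hypothetical, sha512sum from GNU coreutils is assumed to be installed, and the checksum file is assumed to follow the sha512sum "<hex digest>  <file name>" layout.

```shell
#!/bin/sh
# Added example: choose the Wazuh Kibana plugin package for a Kibana version
# and verify its SHA-512 checksum before installing it.

WAZUH_VERSION="4.4.5"

# Succeeds only for versions in this page's compatibility matrix:
# 7.10.2, 7.16.0-7.16.3 and 7.17.0-7.17.9.
is_compatible_kibana() {
    case "$1" in
        7.10.2|7.16.[0-3]|7.17.[0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the package file name, or fails for an unsupported version.
plugin_package_name() {
    if ! is_compatible_kibana "$1"; then
        echo "Kibana $1 is not compatible with Wazuh $WAZUH_VERSION" >&2
        return 1
    fi
    printf 'wazuh_kibana-%s_%s.zip\n' "$WAZUH_VERSION" "$1"
}

# Returns 0 on match, 1 on mismatch, 2 on unreadable or malformed input.
# Assumption: the checksum file uses sha512sum's "<hex digest>  <name>" layout.
verify_sha512() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$2")
    actual=$(sha512sum "$1" | awk '{print $1}')
    # A truncated or non-hex digest must never count as a match.
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2
    [ "$expected" = "$actual" ]
}
```

Install the plugin only when verify_sha512 returns 0 for the package named by plugin_package_name; any other status means the file or its checksum should be downloaded again and rechecked.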

Start deploying Wazuh and Elastic Stack