Quickstart
Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh manager, the Wazuh indexer, and the Wazuh dashboard. For more information, check the Getting started documentation.
Wazuh is a free and open source platform. Its components abide by the GNU General Public License, version 2, and the GNU Affero General Public License version 3 (AGPLv3).
This quickstart shows you how to install the Wazuh central components on the same endpoint, using our installation assistant. You can check our Installation guide for more details and other installation options.
Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.
Requirements
Hardware
Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.
Following this quickstart implies deploying the Wazuh manager, the Wazuh indexer, and the Wazuh dashboard on the same endpoint. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:
Agents |
CPU |
RAM |
Storage (90 days) |
|---|---|---|---|
1-25 |
4 vCPU |
8 GiB |
50 GB |
25-50 |
8 vCPU |
16 GiB |
100 GB |
50-100 |
8 vCPU |
16 GiB |
200 GB |
For larger environments, we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh manager and for the Wazuh indexer, providing high availability and load balancing.
Operating system
You can install the Wazuh central components on 64-bit Linux systems using Intel, AMD, or ARM architectures (x86_64/AMD64 or AARCH64/ARM64). Wazuh recommends any of the following operating system versions:
Amazon Linux 2023
Ubuntu 22.04, 24.04
Red Hat Enterprise Linux 9, 10
Installing Wazuh
Download and run the installation assistant. The installation assistant deploys the Wazuh central components and generates access credentials.
# wget https://packages-staging.xdrsiem.wazuh.info/pre-release/5.x/installation-assistant/wazuh-install-5.0.0-beta2.sh && sudo bash ./wazuh-install-5.0.0-beta2.sh -a -i -id -d pre-release
Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful. The default password is
admin.INFO: --- Summary --- INFO: You can access the web interface https://<WAZUH_DASHBOARD_IP_ADDRESS> User: admin Password: admin INFO: Installation finished.Access the Wazuh web interface with
https://<WAZUH_DASHBOARD_IP_ADDRESS>and the following credentials. Replace<WAZUH_DASHBOARD_IP_ADDRESS>with the IP address of your endpoint:Username:
adminPassword:
admin
When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that a trusted authority did not issue the certificate. This is expected, and the user can either accept the certificate as an exception or configure the system to use a certificate from a trusted authority.
If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option -u or –-uninstall.
Next steps
Now that your Wazuh installation is ready, you can start deploying the Wazuh agent. This can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The Wazuh agent is lightweight and multi-purpose, providing a variety of security capabilities.
Instructions on how to deploy the Wazuh agent can be found in the Wazuh web user interface or in our documentation.
