Quickstart

Wazuh is a security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. The solution is composed of a single universal agent and three central components: the Wazuh server, the Wazuh indexer, and the Wazuh dashboard. For more information, check the Getting Started documentation.

Wazuh is free and open source. Its components abide by the GNU General Public License, version 2, and the Apache License, Version 2.0 (ALv2).

This quickstart shows you how to install the Wazuh central components, on the same host, using our installation assistant. You can check our Installation guide for more details and other installation options.

Below you can find a section about the requirements needed to install Wazuh. It will help you learn about the hardware requirements and the supported operating systems for your Wazuh installation.

Requirements

Hardware

Hardware requirements highly depend on the number of protected endpoints and cloud workloads. This number can help estimate how much data will be analyzed and how many security alerts will be stored and indexed.

Following this quickstart implies deploying the Wazuh server, the Wazuh indexer, and the Wazuh dashboard on the same host. This is usually enough for monitoring up to 100 endpoints and for 90 days of queryable/indexed alert data. The table below shows the recommended hardware for a quickstart deployment:

Agents

CPU

RAM

Storage (90 days)

1–25

4 vCPU

8 GiB

50 GB

25–50

8 vCPU

8 GiB

100 GB

50–100

8 vCPU

8 GiB

200 GB

For larger environments we recommend a distributed deployment. Multi-node cluster configuration is available for the Wazuh server and for the Wazuh indexer, providing high availability and load balancing.

Operating system

Wazuh central components can be installed on a 64-bit Linux operating system. Wazuh recommends any of the following operating system versions:

Amazon Linux 2

CentOS 7, 8

Red Hat Enterprise Linux 7, 8, 9

Ubuntu 16.04, 18.04, 20.04, 22.04

Browser compatibility

Wazuh dashboard supports the following web browsers:

  • Chrome 95 or later

  • Firefox 93 or later

  • Safari 13.7 or later

Other Chromium-based browsers might also work. Internet Explorer 11 is not supported.

Installing Wazuh

  1. Download and run the Wazuh installation assistant.

    $ curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
    

    Once the assistant finishes the installation, the output shows the access credentials and a message that confirms that the installation was successful.

    INFO: --- Summary ---
    INFO: You can access the web interface https://<wazuh-dashboard-ip>
        User: admin
        Password: <ADMIN_PASSWORD>
    INFO: Installation finished.
    

    You now have installed and configured Wazuh.

  2. Access the Wazuh web interface with https://<wazuh-dashboard-ip> and your credentials:

    • Username: admin

    • Password: <ADMIN_PASSWORD>

When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. This is expected and the user has the option to accept the certificate as an exception or, alternatively, configure the system to use a certificate from a trusted authority.

Note

You can find the passwords for all the Wazuh indexer and Wazuh API users in the wazuh-passwords.txt file inside wazuh-install-files.tar. To print them, run the following command:

$ sudo tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt

If you want to uninstall the Wazuh central components, run the Wazuh installation assistant using the option -u or –-uninstall.

Next steps

Now that your Wazuh installation is ready, you can start deploying the Wazuh agent. This can be used to protect laptops, desktops, servers, cloud instances, containers, or virtual machines. The agent is lightweight and multi-purpose, providing a variety of security capabilities.

Instructions on how to deploy the Wazuh agent can be found in the Wazuh web user interface, or in our documentation.