Securing the Wazuh API

The communication between the Wazuh UI and the Wazuh API is encrypted with HTTPS by default, which means that if the users do not provide their own private key and certificate then the Wazuh API will generate its own during the first run. Additionally, the Wazuh API users wazuh and wazuh-wui are created by default, with wazuh and wazuh-wui as their passwords, respectively. Because of that, it is very important to secure the Wazuh API once the Wazuh Manager has been installed.

Warning

It is highly recommended to change the default passwords and to use your own certificate since the one created by the Wazuh API is self-signed.