Easiest SIEM Install — Wazuh, Elasticsearch, Kibana, and Filebeat Docker Install

Why?

Steps

  • Install Docker
  • Install Docker Compose
  • Getting the VM Ready
  • SSL Certificate Generation (Elasticsearch, Kibana, Nginx)
  • Internal Users
  • Deployment of the stack

Install Docker

curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker

Install Docker Compose

curl -L "https://github.com/docker/compose/releases/download/1.28.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version

Getting the VM Ready

sysctl -w vm.max_map_count=262144

Clone The Repo

git clone https://github.com/wazuh/wazuh-docker.git -b v4.2.6 --depth=1

Generate Certs

docker-compose -f generate-opendistro-certs.yml run --rm generator
bash ./production_cluster/kibana_ssl/generate-self-signed-cert.sh
bash ./production_cluster/nginx/ssl/generate-self-signed-cert.sh

Internal Users

./elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
docker run --rm -ti amazon/opendistro-for-elasticsearch:1.13.2 bash /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh
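The compose file mounts elastic_opendistro/internal_users.yml into the Elasticsearch container, and hash.sh produces the bcrypt hash that you paste into that file for each account. Before bringing the stack up it is worth checking the result: a truncated paste locks the account out, an empty hash value or a leftover default leaves the stack on a weak password, and giving admin and kibanaserver the same hash means the Kibana service account shares the administrator password. The script below is an added example, not code from the original post or from wazuh-docker. It reads the small YAML subset that internal_users.yml uses with a line-based reader (so it does not need PyYAML) and reports hashes that are missing, malformed, below the chosen cost threshold, or reused across accounts. The sample file and every hash in it are constructed placeholders, not real credentials.

```python
"""Pre-deployment check of the Open Distro internal_users.yml.

Added example, not code from the original post or from wazuh-docker. It
reads the small YAML subset that file uses (top-level account entries with
indented scalar keys such as hash/reserved/description) with a line-based
reader, so it needs no PyYAML, and reports accounts whose bcrypt hash is
missing, malformed, weaker than the chosen cost threshold, or reused by
another account. The sample file and its hashes are constructed
placeholders, not real credentials.
"""
import re
import sys

# bcrypt modular-crypt string: $2a|2b|2y$<cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Threshold used here; the Open Distro hash.sh tool emits cost-12 hashes.
MIN_COST = 12

# Constructed sample in the layout of elastic_opendistro/internal_users.yml.
SAMPLE_INTERNAL_USERS = """\
_meta:
  type: "internalusers"
  config_version: 2

admin:
  hash: "$2y$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0"
  reserved: true
  backend_roles:
  - "admin"
  description: "Demo admin user"

kibanaserver:
  hash: "$2y$12$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0"
  reserved: true
  description: "Demo kibanaserver user"

logstash:
  hash: "$2y$10$0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ"
  reserved: false
  backend_roles:
  - "logstash"

readall:
  hash: ""
  reserved: false

snapshotrestore:
  hash: "$2y$12$abcdefghijklmnopqrstuvwxyz"
  reserved: false
"""


def parse_internal_users(text):
    """Return {account: {key: value}} for each top-level entry except _meta."""
    users = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        if not sep:            # list items ('- "admin"') carry no key: skip
            continue
        if indent == 0:
            current = key
            users[current] = {}
        elif current is not None and indent == 2:
            users[current][key] = value.strip().strip('"')
    users.pop("_meta", None)
    return users


def audit_hashes(text, min_cost=MIN_COST):
    """Return a list of (account, problem) tuples; an empty list means clean."""
    findings = []
    seen = {}                  # hash -> first account that used it
    for name, fields in parse_internal_users(text).items():
        digest = fields.get("hash", "")
        match = BCRYPT_RE.match(digest)
        if not match:
            findings.append((name, "missing or malformed bcrypt hash"))
            continue
        cost = int(match.group(1))
        if cost < min_cost:
            findings.append((name, f"bcrypt cost {cost} below {min_cost}"))
        if digest in seen:
            findings.append((name, f"same hash as {seen[digest]} (password reused)"))
        else:
            seen[digest] = name
    return findings


if __name__ == "__main__":
    # Audit the file given on the command line, otherwise the constructed sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INTERNAL_USERS
    problems = audit_hashes(source)
    for account, problem in problems:
        print(f"{account}: {problem}")
    sys.exit(1 if problems else 0)
```

Run it with the path to elastic_opendistro/internal_users.yml as its only argument before starting the stack; a non-zero exit status means at least one account needs attention. The reader only understands the two-level layout wazuh-docker ships, which is enough for this file but not a general YAML parser.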

Deployment Of The Stack

docker-compose -f production-cluster.yml up -d

Need Help?

SOCFortress is a SaaS company that unifies Observability, Security Monitoring, Threat Intelligence and Security Orchestration, Automation, and Response (SOAR).
