Add Wazuh security monitoring template

- Created simplified single-node setup without certificate file mounts - Uses environment variables for credentials with password helpers - Configured dashboard, indexer, and manager services - Added metadata and logo Co-authored-by: Siumauricio <47042324+Siumauricio@users.noreply.github.com>
2026-06-15 20:25:24 +02:00 · 2025-12-20 00:23:15 +00:00
parent 97de2d6378
commit a4ede73879
4 changed files with 128 additions and 0 deletions
--- a/blueprints/wazuh/docker-compose.yml
+++ b/blueprints/wazuh/docker-compose.yml
@@ -0,0 +1,86 @@
+version: "3.8"
+services:
+  wazuh.manager:
+    image: wazuh/wazuh-manager:4.14.1
+    hostname: wazuh.manager
+    restart: always
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 655360
+        hard: 655360
+    environment:
+      - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200
+      - WAZUH_NODE_NAME=manager
+      - WAZUH_CLUSTER_NODES=wazuh.manager
+      - WAZUH_CLUSTER_BIND_ADDR=wazuh.manager
+      - INDEXER_USERNAME=${INDEXER_USERNAME}
+      - INDEXER_PASSWORD=${INDEXER_PASSWORD}
+      - API_USERNAME=${API_USERNAME}
+      - API_PASSWORD=${API_PASSWORD}
+    volumes:
+      - wazuh_api_configuration:/var/ossec/api/configuration
+      - wazuh_etc:/var/ossec/etc
+      - wazuh_logs:/var/ossec/logs
+      - wazuh_queue:/var/ossec/queue
+      - wazuh_var_multigroups:/var/ossec/var/multigroups
+      - wazuh_active_response:/var/ossec/active-response/bin
+      - wazuh_wodles:/var/ossec/wodles
+
+  wazuh.indexer:
+    image: wazuh/wazuh-indexer:4.14.1
+    hostname: wazuh.indexer
+    restart: always
+    environment:
+      - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+      - bootstrap.memory_lock=true
+      - network.host=wazuh.indexer
+      - node.name=wazuh.indexer
+      - cluster.initial_cluster_manager_nodes=wazuh.indexer
+      - node.max_local_storage_nodes=1
+      - plugins.security.disabled=true
+    ulimits:
+      memlock:
+        soft: -1
+        hard: -1
+      nofile:
+        soft: 65536
+        hard: 65536
+    volumes:
+      - wazuh-indexer-data:/var/lib/wazuh-indexer
+
+  wazuh.dashboard:
+    image: wazuh/wazuh-dashboard:4.14.1
+    hostname: wazuh.dashboard
+    restart: always
+    environment:
+      - SERVER_HOST=0.0.0.0
+      - SERVER_PORT=5601
+      - OPENSEARCH_HOSTS=http://wazuh.indexer:9200
+      - INDEXER_USERNAME=${INDEXER_USERNAME}
+      - INDEXER_PASSWORD=${INDEXER_PASSWORD}
+      - WAZUH_API_URL=https://wazuh.manager
+      - DASHBOARD_USERNAME=${DASHBOARD_USERNAME}
+      - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD}
+      - API_USERNAME=${API_USERNAME}
+      - API_PASSWORD=${API_PASSWORD}
+    depends_on:
+      - wazuh.indexer
+      - wazuh.manager
+    volumes:
+      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/config
+      - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+
+volumes:
+  wazuh_api_configuration:
+  wazuh_etc:
+  wazuh_logs:
+  wazuh_queue:
+  wazuh_var_multigroups:
+  wazuh_active_response:
+  wazuh_wodles:
+  wazuh-indexer-data:
+  wazuh-dashboard-config:
+  wazuh-dashboard-custom:
--- a/blueprints/wazuh/template.toml
+++ b/blueprints/wazuh/template.toml
@@ -0,0 +1,24 @@
+[variables]
+main_domain = "${domain}"
+indexer_username = "admin"
+indexer_password = "${password:32}"
+dashboard_username = "kibanaserver"
+dashboard_password = "${password:32}"
+api_username = "wazuh-wui"
+api_password = "${password:32}"
+
+[config]
+env = [
+  "INDEXER_USERNAME=${indexer_username}",
+  "INDEXER_PASSWORD=${indexer_password}",
+  "DASHBOARD_USERNAME=${dashboard_username}",
+  "DASHBOARD_PASSWORD=${dashboard_password}",
+  "API_USERNAME=${api_username}",
+  "API_PASSWORD=${api_password}"
+]
+mounts = []
+
+[[config.domains]]
+serviceName = "wazuh.dashboard"
+port = 5601
+host = "${main_domain}"
--- a/blueprints/wazuh/wazuh.png
+++ b/blueprints/wazuh/wazuh.png
--- a/meta.json
+++ b/meta.json
@@ -6012,6 +6012,24 @@
      "self-hosted"
    ]
  },
+  {
+    "id": "wazuh",
+    "name": "Wazuh",
+    "version": "4.14.1",
+    "description": "Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities for endpoint and cloud workload protection.",
+    "logo": "wazuh.png",
+    "links": {
+      "github": "https://github.com/wazuh/wazuh",
+      "website": "https://wazuh.com/",
+      "docs": "https://documentation.wazuh.com/"
+    },
+    "tags": [
+      "security",
+      "monitoring",
+      "siem",
+      "xdr"
+    ]
+  },
  {
    "id": "web-check",
    "name": "Web-Check",