diff --git a/blueprints/wazuh/docker-compose.yml b/blueprints/wazuh/docker-compose.yml
new file mode 100644
index 00000000..a7fb0e9f
--- /dev/null
+++ b/blueprints/wazuh/docker-compose.yml
@@ -0,0 +1,86 @@
+version: "3.8"
+services:
+ wazuh.manager:
+ image: wazuh/wazuh-manager:4.14.1
+ hostname: wazuh.manager
+ restart: always
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 655360
+ hard: 655360
+ environment:
+ - WAZUH_INDEXER_HOSTS=wazuh.indexer:9200
+ - WAZUH_NODE_NAME=manager
+ - WAZUH_CLUSTER_NODES=wazuh.manager
+ - WAZUH_CLUSTER_BIND_ADDR=wazuh.manager
+ - INDEXER_USERNAME=${INDEXER_USERNAME}
+ - INDEXER_PASSWORD=${INDEXER_PASSWORD}
+ - API_USERNAME=${API_USERNAME}
+ - API_PASSWORD=${API_PASSWORD}
+ volumes:
+ - wazuh_api_configuration:/var/ossec/api/configuration
+ - wazuh_etc:/var/ossec/etc
+ - wazuh_logs:/var/ossec/logs
+ - wazuh_queue:/var/ossec/queue
+ - wazuh_var_multigroups:/var/ossec/var/multigroups
+ - wazuh_active_response:/var/ossec/active-response/bin
+ - wazuh_wodles:/var/ossec/wodles
+
+ wazuh.indexer:
+ image: wazuh/wazuh-indexer:4.14.1
+ hostname: wazuh.indexer
+ restart: always
+ environment:
+ - OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g
+ - bootstrap.memory_lock=true
+ - network.host=wazuh.indexer
+ - node.name=wazuh.indexer
+ - cluster.initial_cluster_manager_nodes=wazuh.indexer
+ - node.max_local_storage_nodes=1
+ - plugins.security.disabled=true
+ ulimits:
+ memlock:
+ soft: -1
+ hard: -1
+ nofile:
+ soft: 65536
+ hard: 65536
+ volumes:
+ - wazuh-indexer-data:/var/lib/wazuh-indexer
+
+ wazuh.dashboard:
+ image: wazuh/wazuh-dashboard:4.14.1
+ hostname: wazuh.dashboard
+ restart: always
+ environment:
+ - SERVER_HOST=0.0.0.0
+ - SERVER_PORT=5601
+ - OPENSEARCH_HOSTS=http://wazuh.indexer:9200
+ - INDEXER_USERNAME=${INDEXER_USERNAME}
+ - INDEXER_PASSWORD=${INDEXER_PASSWORD}
+ - WAZUH_API_URL=https://wazuh.manager
+ - DASHBOARD_USERNAME=${DASHBOARD_USERNAME}
+ - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD}
+ - API_USERNAME=${API_USERNAME}
+ - API_PASSWORD=${API_PASSWORD}
+ depends_on:
+ - wazuh.indexer
+ - wazuh.manager
+ volumes:
+ - wazuh-dashboard-config:/usr/share/wazuh-dashboard/config
+ - wazuh-dashboard-custom:/usr/share/wazuh-dashboard/plugins/wazuh/public/assets/custom
+
+volumes:
+ wazuh_api_configuration:
+ wazuh_etc:
+ wazuh_logs:
+ wazuh_queue:
+ wazuh_var_multigroups:
+ wazuh_active_response:
+ wazuh_wodles:
+ wazuh-indexer-data:
+ wazuh-dashboard-config:
+ wazuh-dashboard-custom:
diff --git a/blueprints/wazuh/template.toml b/blueprints/wazuh/template.toml
new file mode 100644
index 00000000..00eb3bbe
--- /dev/null
+++ b/blueprints/wazuh/template.toml
@@ -0,0 +1,24 @@
+[variables]
+main_domain = "${domain}"
+indexer_username = "admin"
+indexer_password = "${password:32}"
+dashboard_username = "kibanaserver"
+dashboard_password = "${password:32}"
+api_username = "wazuh-wui"
+api_password = "${password:32}"
+
+[config]
+env = [
+ "INDEXER_USERNAME=${indexer_username}",
+ "INDEXER_PASSWORD=${indexer_password}",
+ "DASHBOARD_USERNAME=${dashboard_username}",
+ "DASHBOARD_PASSWORD=${dashboard_password}",
+ "API_USERNAME=${api_username}",
+ "API_PASSWORD=${api_password}"
+]
+mounts = []
+
+[[config.domains]]
+serviceName = "wazuh.dashboard"
+port = 5601
+host = "${main_domain}"
diff --git a/blueprints/wazuh/wazuh.png b/blueprints/wazuh/wazuh.png
new file mode 100644
index 00000000..6eb15f60
Binary files /dev/null and b/blueprints/wazuh/wazuh.png differ
diff --git a/meta.json b/meta.json
index 358c0902..029f481f 100644
--- a/meta.json
+++ b/meta.json
@@ -6012,6 +6012,24 @@
 "self-hosted"
 ]
 },
+ {
+ "id": "wazuh",
+ "name": "Wazuh",
+ "version": "4.14.1",
+ "description": "Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities for endpoint and cloud workload protection.",
+ "logo": "wazuh.png",
+ "links": {
+ "github": "https://github.com/wazuh/wazuh",
+ "website": "https://wazuh.com/",
+ "docs": "https://documentation.wazuh.com/"
+ },
+ "tags": [
+ "security",
+ "monitoring",
+ "siem",
+ "xdr"
+ ]
+ },
 {
 "id": "web-check",
 "name": "Web-Check",
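Review bot: `plugins.security.disabled=true` in the `wazuh.indexer` environment turns off the indexer's security plugin, so port 9200 serves alert data over plain HTTP without authentication to anything that can reach the container network, and the `INDEXER_USERNAME`/`INDEXER_PASSWORD` values passed to the manager and dashboard then protect nothing. For a SIEM data store that is a risky default; I would drop that line, switch the dashboard to `OPENSEARCH_HOSTS=https://wazuh.indexer:9200`, and mount the node certificates the Wazuh images expect (the manager's `WAZUH_INDEXER_HOSTS` carries no scheme, so how it connects should be checked as well). If the blueprint has to ship this way, add a comment above the line such as `# indexer auth/TLS disabled: internal network only, never publish 9200`. The dashboard login is backed by the same security plugin, so it is worth verifying that the domain routed in template.toml still presents a login page with this setting.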
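Review bot: The three `${password:32}` values under `[variables]` are only handed to the containers as environment variables. `admin` and `kibanaserver` are built-in indexer accounts whose password hashes live in the indexer's internal users file, and nothing visible in this blueprint mounts or rewrites that file, so the generated passwords may not be the ones the services actually enforce. Please confirm on a fresh deploy that login works with the generated `indexer_password` and that the image's shipped defaults are rejected, and document the password-change step if they are not. The Wazuh API also applies a complexity policy (upper case, lower case, digit and symbol) to its users, so check that the generator's output for `api_password` is accepted. A comment above `[variables]` such as `# passwords must match the indexer internal users and the API user; see post-deploy steps` would make that dependency visible.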