Build Wazuh Infrastructure

[datboyblu3]

Build the following Wazuh components for the entire infrastructure

The following blog posts can be found here

• Backend Storage
• Log Ingestion
• Log Analysis
• Wazuh Agent Installation
• Intelligent SIEM Installation
• Best Open Source SIEM Dashboards
• Firewall Log Collection Made Easy
• Firewall Threat Intel with Greynoise
• Log Normalization
• MISP Threat Intel

Manual Deployment YouTube Demos:

• Log Normalization

• Wazuh Indexer Install - Installing our SIEM Backend Storage

• Graylog Install — Log Ingestion

• Wazuh Manager Install

Terraform and Ansible Deployments

• Offical Wazuh Ansible Deployment Documentation
• Wazuh Ansible Deployment Code
• Terraform Ansible Deployment
• Wazuh Agent Install
• Intelligent SIEM Logging

More Helpful Articles

• Deploy a Virtual Machine to Proxmox with Terraform
• Integrate Ansible With Terraform

YouTube - Proxmox and Terraform

• Proxmox virtual machine automation in Terraform

[datboyblu3]

Wazuh indexer, server and dashboard are configured. However I'm receiving a "Wazuh dashboard is not ready yet" error message

[datboyblu3]

The dashboard is active and running but there's a "Response error" error message regarding Opensearch

[datboyblu3]

Edited the dashboard config file

[datboyblu3]

Logs from Wazuh Dashboard

Commands

journalctl -u wazuh-dashboard

cat /usr/share/wazuh-dashboard/data/wazuh/logs/wazuhapp.log | grep -i -E "error|warn"

Logs from Wazuh Indexer

Command

cat /var/log/wazuh-indexer/wazuh-cluster.log | grep -i -E "error|warn"

[datboyblu3]

Solved it! Followed steps 3 and onwards in the password management section of Wazuh documentation

Now I am able to log into my wazuh setup!