Merge pull request #11 from wazuh/master

Merge pull request #10 from wazuh/2.0_5.4.2
2025-10-23 04:51:57 +00:00 · 2017-06-21 18:08:45 +02:00
66 changed files with 1040 additions and 9078 deletions
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -1,36 +0,0 @@
-name: Wazuh Docker pipeline
-
-on: [push]
-
-jobs:
-  build-stack:
-    runs-on: ubuntu-latest
-    steps:
-
-    - name: Check out code
-      uses: actions/checkout@v2
-
-    - name: Build the docker-compose stack
-      run: docker-compose -f build-from-sources.yml up -d --build
-
-    - name: Check running containers
-      run: docker ps -a
-
-    - name: Shutdown the stack
-      run: docker-compose -f build-from-sources.yml kill
-
-    - name: Install Goss
-      uses: e1himself/goss-installation-action@v1.0.3
-      with:
-        version: v0.3.16
-
-    - name: Execute Goss tests (wazuh-odfe)
-      run: dgoss run wazuh/wazuh-odfe:dev-version
-      env:
-        GOSS_SLEEP: 30
-        GOSS_FILE: .goss.yaml
-
-    - name: Execute Goss tests (wazuh-kibana-odfe)
-      run: dgoss run wazuh/wazuh-kibana-odfe:dev-version
-      env:
-        GOSS_FILE: .goss.kibana.yaml
--- a/.goss.kibana.yaml
+++ b/.goss.kibana.yaml
@@ -1,53 +0,0 @@
-file:
-  /usr/share/kibana/config/kibana.yml:
-    exists: true
-    mode: "0664"
-    owner: kibana
-    group: root
-    filetype: file
-    contains: []
-  /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css:
-    exists: true
-    mode: "0664"
-    owner: kibana
-    group: root
-    filetype: file
-    contains: []
-  /usr/share/kibana/src/core/server/core_app/assets/wazuh_logo_circle.svg:
-    exists: true
-    mode: "0644"
-    owner: kibana
-    group: root
-    filetype: file
-    contains: []
-  /usr/share/kibana/src/core/server/core_app/assets/wazuh_wazuh_bg.svg:
-    exists: true
-    mode: "0644"
-    owner: kibana
-    group: root
-    filetype: file
-    contains: []
-  /usr/share/kibana/data/wazuh/config/wazuh.yml:
-    exists: true
-    mode: "0644"
-    owner: kibana
-    group: kibana
-    filetype: file
-    contains: []
-  /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs:
-    exists: true
-    mode: "0664"
-    owner: kibana
-    group: root
-    filetype: file
-    contains: []
-user:
-  kibana:
-    exists: true
-    groups:
-    - kibana
-    home: /usr/share/kibana
-    shell: /bin/bash
-group:
-  kibana:
-    exists: true
--- a/.goss.yaml
+++ b/.goss.yaml
@@ -1,115 +0,0 @@
-file:
-  /etc/filebeat/filebeat.yml:
-    exists: true
-    mode: "0644"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/bin/wazuh-control:
-    exists: true
-    mode: "0750"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/etc/lists/audit-keys:
-    exists: true
-    mode: "0660"
-    owner: ossec
-    group: ossec
-    filetype: file
-    contains: []
-  /var/ossec/etc/ossec.conf:
-    exists: true
-    mode: "0660"
-    owner: root
-    group: ossec
-    filetype: file
-    contains: []
-  /var/ossec/etc/rules/local_rules.xml:
-    exists: true
-    mode: "0660"
-    owner: ossec
-    group: ossec
-    filetype: file
-    contains: []
-  /var/ossec/etc/sslmanager.cert:
-    exists: true
-    mode: "0640"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-  /var/ossec/etc/sslmanager.key:
-    exists: true
-    mode: "0640"
-    owner: root
-    group: root
-    filetype: file
-    contains: []
-package:
-  filebeat:
-    installed: true
-    versions:
-    - 7.10.2
-  wazuh-manager:
-    installed: true
-    versions:
-    - 4.2.7
-port:
-  tcp:1514:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:1515:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:55000:
-    listening: true
-    ip:
-    - 0.0.0.0
-user:
-  ossec:
-    exists: true
-    groups:
-    - ossec
-    home: /var/ossec
-    shell: /sbin/nologin
-  ossecm:
-    exists: true
-    groups:
-    - ossec
-    home: /var/ossec
-    shell: /sbin/nologin
-  ossecr:
-    exists: true
-    groups:
-    - ossec
-    home: /var/ossec
-    shell: /sbin/nologin
-group:
-  ossec:
-    exists: true
-process:
-  filebeat:
-    running: true
-  wazuh-analysisd:
-    running: true
-  wazuh-authd:
-    running: true
-  wazuh-execd:
-    running: true
-  wazuh-monitord:
-    running: true
-  wazuh-remoted:
-    running: true
-  wazuh-syscheckd:
-    running: true
-  s6-supervise:
-    running: true
-  wazuh-db:
-    running: true
-  wazuh-modulesd:
-    running: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,431 +0,0 @@
-# Change Log
-All notable changes to this project will be documented in this file.
-
-## Wazuh Docker v4.2.7
-### Added
-
- Update Wazuh to version [4.2.7](https://github.com/wazuh/wazuh/blob/v4.2.7/CHANGELOG.md#v427)
-
-## Wazuh Docker v4.2.6
-### Added
-
- Update Wazuh to version [4.2.6](https://github.com/wazuh/wazuh/blob/v4.2.6/CHANGELOG.md#v426)
-
-## Wazuh Docker v4.2.5
-### Added
-
- Update Wazuh to version [4.2.5](https://github.com/wazuh/wazuh/blob/v4.2.5/CHANGELOG.md#v425)
-
-## Wazuh Docker v4.2.4
-### Added
-
- Update Wazuh to version [4.2.4](https://github.com/wazuh/wazuh/blob/v4.2.4/CHANGELOG.md#v424)
-
-
-## Wazuh Docker v4.2.3
-### Added
-
- Update Wazuh to version [4.2.3](https://github.com/wazuh/wazuh/blob/v4.2.3/CHANGELOG.md#v423)
-
-## Wazuh Docker v4.2.2
-### Added
-
- Update Wazuh to version [4.2.2](https://github.com/wazuh/wazuh/blob/v4.2.2/CHANGELOG.md#v422)
-
-## Wazuh Docker v4.2.1
-### Added
-
- Update Wazuh to version [4.2.1](https://github.com/wazuh/wazuh/blob/v4.2.1/CHANGELOG.md#v421)
-
-## Wazuh Docker v4.2.0
-### Added
-
- Update Wazuh to version [4.2.0](https://github.com/wazuh/wazuh/blob/v4.2.0/CHANGELOG.md#v420)
-
-## Wazuh Docker v4.1.5
-### Added
-
- Update Wazuh to version [4.1.5](https://github.com/wazuh/wazuh/blob/v4.1.5/CHANGELOG.md#v415)
- Update ODFE compatibility to version 1.13.2
-
-## Wazuh Docker v4.1.4
-### Added
-
- Update Wazuh to version [4.1.4](https://github.com/wazuh/wazuh/blob/v4.1.4/CHANGELOG.md#v414)
-
-## Wazuh Docker v4.1.3
-### Added
-
- Update Wazuh to version [4.1.3](https://github.com/wazuh/wazuh/blob/v4.1.3/CHANGELOG.md#v413)
-
-## Wazuh Docker v4.1.2
-### Added
-
- Update Wazuh to version [4.1.2](https://github.com/wazuh/wazuh/blob/v4.1.2/CHANGELOG.md#v412)
-
-## Wazuh Docker v4.1.1
-### Added
-
- Update Wazuh to version [4.1.1](https://github.com/wazuh/wazuh/blob/v4.1.1/CHANGELOG.md#v411)
-
-## Wazuh Docker v4.1.0
-### Added
-
- Update Wazuh to version [4.1.0](https://github.com/wazuh/wazuh/blob/v4.1.0/CHANGELOG.md#v410)
- Update ODFE compatibility to version 1.12.0
- Add support for Elasticsearch (xpack) images once again (7.10.2)  ([@xr09](https://github.com/xr09)) [#409](https://github.com/wazuh/wazuh-docker/pull/409)
- Re-enable entrypoint scripts  ([@xr09](https://github.com/xr09)) [#435](https://github.com/wazuh/wazuh-docker/pull/435)
- Add Goss binary for healthchecks ([@xr09](https://github.com/xr09)) [$441](https://github.com/wazuh/wazuh-docker/pull/441)
- Update s6-overlay to latest version
-
-## Wazuh Docker v4.0.4_1.11.0
-
-### Added
-
- Update to Wazuh version [4.0.4](https://github.com/wazuh/wazuh/blob/v4.0.4/CHANGELOG.md#v404)
-
-
-## Wazuh Docker v4.0.3_1.11.0
-
-### Added
-
- Update to Wazuh version 4.0.3
-
-
-## Wazuh Docker v4.0.2_1.11.0
-
-### Added
-
- Update to Wazuh version 4.0.2
-
-## Wazuh Docker v4.0.1_1.11.0
-
-### Added
-
- Update to Wazuh version 4.0.1
- Opendistro 1.11.0 compatiblity
- Re-enabled dumping ossec.log to stdout
-
-## Wazuh Docker v4.0.0_1.10.1
-
-### Added
-
- Update to Wazuh version 4.0.0
- Updating Wazuh cluster key dynamically ([@1stOfHisGame](https://github.com/1stOfHisGame))  [#393](https://github.com/wazuh/wazuh-docker/pull/393)
- Switched to CentOS 7 for base image ([@xr09](https://github.com/xr09)) [#259](https://github.com/wazuh/wazuh-docker/issues/259)
- Using s6-overlay for process management ([@xr09](https://github.com/xr09)) [#274](https://github.com/wazuh/wazuh-docker/issues/274)
- Allow the creation of custom API users ([@xr09](https://github.com/xr09)) [#395](https://github.com/wazuh/wazuh-docker/issues/395)
- OpenDistro support ([@xr09](https://github.com/xr09)) [#373](https://github.com/wazuh/wazuh-docker/pull/373)
-
-
-### Changed
-
- Removal of Elastic images
-
-
-## Wazuh Docker v3.13.2_7.9.1
-
-### Added
-
- Update to Wazuh version 3.13.2_7.9.1
- Add CLUSTER_NETWORK_HOST environment variable ([@jfut](https://github.com/jfut)) [#372](https://github.com/wazuh/wazuh-docker/pull/372)
-
-### Fixed
-
- Too many redirects when running on port 80 ([@chowmean](https://github.com/chowmean)) [#377](https://github.com/wazuh/wazuh-docker/pull/377)
- Move Filebeat installation to build stage ([@xr09](https://github.com/xr09)) [#378](https://github.com/wazuh/wazuh-docker/pull/378)
-
-
-## Wazuh Docker v3.13.1_7.8.0
-
-### Added
-
- Update to Wazuh version 3.13.1_7.8.0
-
-
-## Wazuh Docker v3.13.0_7.7.1
-
-### Added
-
- Update to Wazuh version 3.13.3_7.7.1
-
-### Fixed
-
- Save agentless state ([@xr09](https://github.com/xr09)) [#350](https://github.com/wazuh/wazuh-docker/pull/350)
- Use HTTP credentials for service check when required ([@xr09](https://github.com/xr09)) [#356](https://github.com/wazuh/wazuh-docker/pull/356)
-
-## Wazuh Docker v3.12.3_7.6.2
-
-### Added
-
- Update to Wazuh version 3.12.3_7.6.2
-
-
-## Wazuh Docker v3.12.2_7.6.2
-
-### Added
-
- Update to Wazuh version 3.12.2_7.6.2
-
-## Wazuh Docker v3.12.1_7.6.2
-
-### Added
-
- Update to Wazuh version 3.12.1_7.6.2
-
-### Fixed
-
- Agent timestamp not being properly saved ([@xr09](https://github.com/xr09)) [#323](https://github.com/wazuh/wazuh-docker/pull/323)
-
-
-## Wazuh Docker v3.12.0_7.6.1
-
-### Added
-
- Update to Wazuh version 3.12.0_7.6.1
-
-
-## Wazuh Docker v3.11.4_7.6.1
-
-### Added
-
- Update to Wazuh version 3.11.4_7.6.1
-
- Enable HTTP v2 on nginx ([@xr09](https://github.com/xr09)) [#308](https://github.com/wazuh/wazuh-docker/pull/308)
-
-### Fixed
-
- Updated NGINX config syntax ([@xr09](https://github.com/xr09)) [#303](https://github.com/wazuh/wazuh-docker/pull/303)
-
-
-## Wazuh Docker v3.11.3_7.5.2
-
-### Added
-
- Update to Wazuh version 3.11.3_7.5.2
-
-## Wazuh Docker v3.11.2_7.5.1
-
-### Added
-
- Bumped Node.js to version 10 ([@xr09](https://github.com/xr09)) [#8615cd4](https://github.com/wazuh/wazuh-docker/commit/8615cd4d2152601e55becc7c3675360938e74b6a)
-
-### Fixed
-
- Fix S3 Plugin ([@AnthonySendra](https://github.com/AnthonySendra)) [#293](https://github.com/wazuh/wazuh-docker/pull/293)
-
-## Wazuh Docker v3.11.1_7.5.1
-
-### Added
-
- Update to Wazuh version 3.11.1_7.5.1
- Filebeat configuration file updated to latest version ([@manuasir](https://github.com/manuasir)) [#271](https://github.com/wazuh/wazuh-docker/pull/271)
- Allow using the hostname as node_name for managers ([@JPLachance](https://github.com/JPLachance)) [#261](https://github.com/wazuh/wazuh-docker/pull/261)
-
-## Wazuh Docker v3.11.0_7.5.1
-
-### Added
-
- Update to Wazuh version 3.11.0_7.5.1
-
-## Wazuh Docker v3.10.2_7.5.0
-
-### Added
-
- Update to Wazuh version 3.10.2_7.5.0
-
-## Wazuh Docker v3.10.2_7.3.2
-
-### Added
-
- Update to Wazuh version 3.10.2_7.3.2
-
-## Wazuh Docker v3.10.0_7.3.2
-
-### Added
-
- Update to Wazuh version 3.10.0_7.3.2
-
-## Wazuh Docker v3.9.5_7.2.1
-
-### Added
-
- Update to Wazuh version 3.9.5_7.2.1
-
-## Wazuh Docker v3.9.4_7.2.0
-
-### Added
-
- Update to Wazuh version 3.9.4_7.2.0
- Implemented Wazuh Filebeat Module ([jm404](https://www.github.com/jm404)) [#2a77c6a](https://github.com/wazuh/wazuh-docker/commit/2a77c6a6e6bf78f2492adeedbade7a507d9974b2)
-
-## Wazuh Docker v3.9.3_7.2.0
-
-### Fixed
- Wazuh-docker reinserts cluster settings after resuming containers ([@manuasir](https://github.com/manuasir)) [#213](https://github.com/wazuh/wazuh-docker/pull/213)
-
-## Wazuh Docker v3.9.2_7.1.1
-
-### Added
-
- Update to Wazuh version 3.9.2_7.1.1
-
-## Wazuh Docker v3.9.2_6.8.0
-
-### Added
-
- Update to Wazuh version 3.9.2_6.8.0
-
-## Wazuh Docker v3.9.1_7.1.0
-
-### Added
-
- Support for Elastic v7.1.0
- New environment variables for Kibana ([@manuasir](https://github.com/manuasir)) [#22ad43](https://github.com/wazuh/wazuh-docker/commit/22ad4360f548e54bb0c5e929f8c84a186ad2ab88)
-
-## Wazuh Docker v3.9.1_6.8.0
-
-### Added
-
- Update to Wazuh version 3.9.1_6.8.0 ([#181](https://github.com/wazuh/wazuh-docker/pull/181))
-
-### Fixed
-
- Fixed `ELASTICSEARCH_KIBANA_IP` environment variable ([@manuasir](https://github.com/manuasir)) ([#181](https://github.com/wazuh/wazuh-docker/pull/181))
-
-## Wazuh Docker v3.9.0_6.7.2
-
-### Changed
-
- Update Elastic Stack version to 6.7.2.
-
-## Wazuh Docker v3.9.0_6.7.1
-
-### Added
-
- Support for xPACK authorized requests ([@manuasir](https://github.com/manuasir)) ([#119](https://github.com/wazuh/wazuh-docker/pull/119))
- Add Elasticsearch cluster configuration ([@SitoRBJ](https://github.com/SitoRBJ)). ([#146](https://github.com/wazuh/wazuh-docker/pull/146))
- Add Elasticsearch cluster configuration ([@Phandora](https://github.com/Phandora)) ([#140](https://github.com/wazuh/wazuh-docker/pull/140))
- Setting Nginx to support several user/passwords in Kibana ([@toniMR](https://github.com/toniMR)) ([#136](https://github.com/wazuh/wazuh-docker/pull/136))
-
-
-### Changed
-
- Use LS_JAVA_OPTS instead of old LS_HEAP_SIZE ([@ruffy91](https://github.com/ruffy91)) ([#139](https://github.com/wazuh/wazuh-docker/pull/139))
- Changing the original Wazuh docker image to allow adding code in the entrypoint ([@Phandora](https://github.com/phandora)) ([#151](https://github.com/wazuh/wazuh-docker/pull/151))
-
-### Removed
-
- Removing files from Wazuh image ([@Phandora](https://github.com/phandora)) ([#153](https://github.com/wazuh/wazuh-docker/pull/153))
-
-## Wazuh Docker v3.8.2_6.7.0
-
-### Changed
-
- Update Elastic Stack version to 6.7.0. ([#144](https://github.com/wazuh/wazuh-docker/pull/144))
-
-## Wazuh Docker v3.8.2_6.6.2
-
-### Changed
-
- Update Elastic Stack version to 6.6.2. ([#130](https://github.com/wazuh/wazuh-docker/pull/130))
-
-## Wazuh Docker v3.8.2_6.6.1
-
-### Changed
-
- Update Elastic Stack version to 6.6.1. ([#129](https://github.com/wazuh/wazuh-docker/pull/129))
-
-## Wazuh Docker v3.8.2_6.5.4
-
-### Added
-
- Add Wazuh-Elasticsearch. ([#106](https://github.com/wazuh/wazuh-docker/pull/106))
- Store Filebeat _/var/lib/filebeat/registry._ ([#109](https://github.com/wazuh/wazuh-docker/pull/109))
- Adding the option to disable some xpack features. ([#111](https://github.com/wazuh/wazuh-docker/pull/111))
- Wazuh-Kibana customizable at plugin level. ([#117](https://github.com/wazuh/wazuh-docker/pull/117))
- Adding env variables for alerts data flow. ([#118](https://github.com/wazuh/wazuh-docker/pull/118))
- New Logstash entrypoint added. ([#135](https://github.com/wazuh/wazuh-docker/pull/135/files))
- Welcome screen management. ([#133](https://github.com/wazuh/wazuh-docker/pull/133))
-
-### Changed
-
- Update to Wazuh version 3.8.2. ([#105](https://github.com/wazuh/wazuh-docker/pull/105))
-
-### Removed
-
- Remove alerts created in build time. ([#137](https://github.com/wazuh/wazuh-docker/pull/137))
-
-
-## Wazuh Docker v3.8.1_6.5.4
-
-### Changed
- Update to Wazuh version 3.8.1. ([#102](https://github.com/wazuh/wazuh-docker/pull/102))
-
-## Wazuh Docker v3.8.0_6.5.4
-
-### Changed
-
- Upgrade version 3.8.0_6.5.4. ([#97](https://github.com/wazuh/wazuh-docker/pull/97))
-
-### Removed
-
- Remove cluster.py work around. ([#99](https://github.com/wazuh/wazuh-docker/pull/99))
-
-## Wazuh Docker v3.7.2_6.5.4
-
-### Added
-
- Improvements to Kibana settings added. ([#91](https://github.com/wazuh/wazuh-docker/pull/91))
- Add Kibana environmental variables for Wazuh APP config.yml. ([#89](https://github.com/wazuh/wazuh-docker/pull/89))
-
-### Changed
-
- Update Elastic Stack version to 6.5.4. ([#82](https://github.com/wazuh/wazuh-docker/pull/82))
- Add env credentials for nginx. ([#86](https://github.com/wazuh/wazuh-docker/pull/86))
- Improve filebeat configuration ([#88](https://github.com/wazuh/wazuh-docker/pull/88))
-
-### Fixed
-
- Temporary fix for Wazuh cluster master node in Kubernetes. ([#84](https://github.com/wazuh/wazuh-docker/pull/84))
-
-## Wazuh Docker v3.7.2_6.5.3
-
-### Changed
-
- Erasing temporary fix for AWS integration. ([#81](https://github.com/wazuh/wazuh-docker/pull/81))
-
-### Fixed
-
- Upgrading errors due to wrong files. ([#80](https://github.com/wazuh/wazuh-docker/pull/80))
-
-
-## Wazuh Docker v3.7.0_6.5.0
-
-### Changed
-
- Adapt to Elastic stack 6.5.0.
-
-## Wazuh Docker v3.7.0_6.4.3
-
-### Added
-
- Allow custom scripts or commands before service start ([#58](https://github.com/wazuh/wazuh-docker/pull/58))
- Added description for wazuh-nginx ([#59](https://github.com/wazuh/wazuh-docker/pull/59))
- Added license file to match https://github.com/wazuh/wazuh LICENSE ([#60](https://github.com/wazuh/wazuh-docker/pull/60))
- Added SMTP packages ([#67](https://github.com/wazuh/wazuh-docker/pull/67))
-
-### Changed
-
- Increased proxy buffer for NGINX Kibana ([#51](https://github.com/wazuh/wazuh-docker/pull/51))
- Updated logstash config to remove deprecation warnings ([#55](https://github.com/wazuh/wazuh-docker/pull/55))
- Set ossec user's home path ([#61](https://github.com/wazuh/wazuh-docker/pull/61))
-
-### Fixed
-
- Fixed a bug that prevents the API from starting when the Wazuh manager was updated. Change in the files that are stored in the volume.  ([#65](https://github.com/wazuh/wazuh-docker/pull/65))
- Fixed script reference ([#62](https://github.com/wazuh/wazuh-docker/pull/62/files))
-
-## Wazuh Docker v3.6.1_6.4.3
-
-Wazuh-Docker starting point.
--- a/475
+++ b/475
@@ -1,475 +0,0 @@
-
- Portions Copyright (C) 2021 Wazuh, Inc.
- Based on work Copyright (C) 2003 - 2013 Trend Micro, Inc.
-
- This program is a free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License (version 2) as
- published by the FSF - Free Software Foundation.
-
- In addition, certain source files in this program permit linking with the
- OpenSSL library (http://www.openssl.org), which otherwise wouldn't be allowed
- under the GPL.  For purposes of identifying OpenSSL, most source files giving
- this permission limit it to versions of OpenSSL having a license identical to
- that listed in this file (see section "OpenSSL LICENSE" below). It is not
- necessary for the copyright years to match between this file and the OpenSSL
- version in question.  However, note that because this file is an extension of
- the license statements of these source files, this file may not be changed
- except with permission from all copyright holders of source files in this
- program which reference this file.
-
- Note that this license applies to the source code, as well as
- decoders, rules and any other data file included with OSSEC (unless
- otherwise specified).
-
- For the purpose of this license, we consider an application to constitute a
- "derivative work" or a work based on this program if it does any of the
- following (list not exclusive):
-
-  * Integrates source code/data files from OSSEC.
-  * Includes OSSEC copyrighted material.
-  * Includes/integrates OSSEC into a proprietary executable installer.
-  * Links to a library or executes a program that does any of the above.
-
- This list is not exclusive, but just a clarification of our interpretation
- of derived works. These restrictions only apply if you actually redistribute
- OSSEC (or parts of it).
-
- We don't consider these to be added restrictions on top of the GPL,
- but just a clarification of how we interpret "derived works" as it
- applies to OSSEC. This is similar to the way Linus Torvalds has
- announced his interpretation of how "derived works" applies to Linux kernel
- modules. Our interpretation refers only to OSSEC - we don't speak
- for any other GPL products.
-
-  * As a special exception, the copyright holders give
-  * permission to link the code of portions of this program with the
-  * OpenSSL library under certain conditions as described in each
-  * individual source file, and distribute linked combinations
-  * including the two.
-  * You must obey the GNU General Public License in all respects
-  * for all of the code used other than OpenSSL.  If you modify
-  * file(s) with this exception, you may extend this exception to your
-  * version of the file(s), but you are not obligated to do so.  If you
-  * do not wish to do so, delete this exception statement from your
-  * version.  If you delete this exception statement from all source
-  * files in the program, then also delete it here.
-
- OSSEC HIDS is distributed in the hope that it will be useful, but WITHOUT
- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- FITNESS FOR A PARTICULAR PURPOSE.
- See the GNU General Public License Version 2 below for more details.
-
-----------------------------------------------------------------------------
-
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Lesser General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-
-------------------------------------------------------------------------------
-
-OpenSSL License
---------------
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts. Actually both licenses are BSD-style
-  Open Source licenses. In case of any license issues related to OpenSSL
-  please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the routines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
--- a/README.md
+++ b/README.md
@@ -1,192 +1,21 @@
-# Wazuh containers for Docker
+# IMPORTANT NOTE

-[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
-[![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
-[![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com)
-[![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+The first time than you runt this container can take a while until kibana finish the configuration, the Wazuh plugin can take a few minutes until finish the instalation, please be patient.

-In this repository you will find the containers to run:
+# Docker container Wazuh 2.0 + ELK(5.4.2)

-* wazuh-opendistro: It runs the Wazuh manager, Wazuh API and Filebeat OSS (for integration with ODFE)
-* wazuh-kibana-opendistro: Provides a web user interface to browse through alerts data. It includes Wazuh plugin for Kibana, that allows you to visualize agents configuration and status.
-* opendistro-for-elasticsearch: An Elasticsearch (ODFE) container (working as a single-node cluster) using ODFE Docker images. **Be aware to increase the `vm.max_map_count` setting, as it's detailed in the [Wazuh documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#increase-max-map-count-on-your-host-linux).**
-
-In addition, a docker-compose file is provided to launch the containers mentioned above.
-
-* Elasticsearch cluster. In the Elasticsearch Dockerfile we can visualize variables to configure an Elasticsearch Cluster. These variables are used in the file *config_cluster.sh* to set them in the *elasticsearch.yml* configuration file. You can see the meaning of the node variables [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html) and other cluster settings [here](https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml).
+This Docker container source files can be found in our [Wazuh Github repository](https://github.com/wazuh/wazuh). It includes both an OSSEC manager and an Elasticsearch single-node cluster, with Logstash and Kibana. You can find more information on how these components work together in our documentation.

 ## Documentation

-* [Wazuh full documentation](http://documentation.wazuh.com)
-* [Wazuh documentation for Docker](https://documentation.wazuh.com/current/docker/index.html)
-* [Docker hub](https://hub.docker.com/u/wazuh)
+* [Full documentation](http://documentation.wazuh.com)
+* [Wazuh-docker module documentation](https://documentation.wazuh.com/current/docker/index.html)
+* [Hub docker](https://hub.docker.com/u/wazuh)

+## Credits and thank you

-### Setup SSL certificate
+These Docker containers are based on "deviantony" dockerfiles which can be found at [https://github.com/deviantony/docker-elk] (https://github.com/deviantony/docker-elk), and "xetus-oss" dockerfiles, which can be found at [https://github.com/xetus-oss/docker-ossec-server](https://github.com/xetus-oss/docker-ossec-server). We created our own fork, which we test and maintain. Thank you Anthony Lapenna for your contribution to the community.

-Before starting the environment it is required to provide an SSL certificate (or just generate one self-signed).
+## References

-Documentation on how to provide these two can be found at [Wazuh Docer Documentation](https://documentation.wazuh.com/current/docker/wazuh-container.html#production-deployment).
-
-
-## Environment Variables
-
-Default values are included when available.
-
-### Wazuh
-```
-API_USERNAME="wazuh"                                # Wazuh API username
-API_PASSWORD="wazuh"                                # Wazuh API password - Must comply with requirements
-                                                    # (8+ length, uppercase, lowercase, specials chars)
-
-ELASTICSEARCH_URL=https://elasticsearch:9200        # Elasticsearch URL
-ELASTIC_USERNAME=admin                              # Elasticsearch Username
-ELASTIC_PASSWORD=admin                              # Elasticsearch Password
-FILEBEAT_SSL_VERIFICATION_MODE=full                 # Filebeat SSL Verification mode (full or none)
-SSL_CERTIFICATE_AUTHORITIES=""                      # Path of Filebeat SSL CA
-SSL_CERTIFICATE=""                                  # Path of Filebeat SSL Certificate
-SSL_KEY=""                                          # Path of Filebeat SSL Key
-```
-
-### Kibana
-```
-PATTERN="wazuh-alerts-*"        # Default index pattern to use
-
-CHECKS_PATTERN=true             # Defines which checks must to be consider by the healthcheck
-CHECKS_TEMPLATE=true            # step once the Wazuh app starts. Values must to be true or false
-CHECKS_API=true
-CHECKS_SETUP=true
-
-EXTENSIONS_PCI=true             # Enable PCI Extension
-EXTENSIONS_GDPR=true            # Enable GDPR Extension
-EXTENSIONS_HIPAA=true           # Enable HIPAA Extension
-EXTENSIONS_NIST=true            # Enable NIST Extension
-EXTENSIONS_TSC=true             # Enable TSC Extension
-EXTENSIONS_AUDIT=true           # Enable Audit Extension
-EXTENSIONS_OSCAP=false          # Enable OpenSCAP Extension
-EXTENSIONS_CISCAT=false         # Enable CISCAT Extension
-EXTENSIONS_AWS=false            # Enable AWS Extension
-EXTENSIONS_GCP=false            # Enable GCP Extension
-EXTENSIONS_VIRUSTOTAL=false     # Enable Virustotal Extension
-EXTENSIONS_OSQUERY=false        # Enable OSQuery Extension
-EXTENSIONS_DOCKER=false         # Enable Docker Extension
-
-APP_TIMEOUT=20000               # Defines maximum timeout to be used on the Wazuh app requests
-
-API_SELECTOR=true               Defines if the user is allowed to change the selected API directly from the Wazuh app top menu
-IP_SELECTOR=true                # Defines if the user is allowed to change the selected index pattern directly from the Wazuh app top menu
-IP_IGNORE="[]"                  # List of index patterns to be ignored
-
-WAZUH_MONITORING_ENABLED=true       # Custom settings to enable/disable wazuh-monitoring indices
-WAZUH_MONITORING_FREQUENCY=900      # Custom setting to set the frequency for wazuh-monitoring indices cron task
-WAZUH_MONITORING_SHARDS=2           # Configure wazuh-monitoring-* indices shards and replicas
-WAZUH_MONITORING_REPLICAS=0         #
-
-ADMIN_PRIVILEGES=true               # App privileges
-```
-
-## Directory structure
-
-    ├── CHANGELOG.md
-    ├── docker-compose.yml
-    ├── generate-opendistro-certs.yml
-    ├── kibana-odfe
-    │   ├── config
-    │   │   ├── custom_welcome
-    │   │   │   ├── light_theme.style.css
-    │   │   │   ├── template.js.hbs
-    │   │   │   ├── wazuh_logo_circle.svg
-    │   │   │   └── wazuh_wazuh_bg.svg
-    │   │   ├── entrypoint.sh
-    │   │   ├── kibana_settings.sh
-    │   │   ├── wazuh_app_config.sh
-    │   │   ├── wazuh.yml
-    │   │   └── welcome_wazuh.sh
-    │   └── Dockerfile
-    ├── LICENSE
-    ├── production_cluster
-    │   ├── elastic_opendistro
-    │   │   ├── elasticsearch-node1.yml
-    │   │   ├── elasticsearch-node2.yml
-    │   │   ├── elasticsearch-node3.yml
-    │   │   └── internal_users.yml
-    │   ├── kibana_ssl
-    │   │   └── generate-self-signed-cert.sh
-    │   ├── nginx
-    │   │   ├── nginx.conf
-    │   │   └── ssl
-    │   │       └── generate-self-signed-cert.sh
-    │   ├── ssl_certs
-    │   │   └── certs.yml
-    │   └── wazuh_cluster
-    │       ├── wazuh_manager.conf
-    │       └── wazuh_worker.conf
-    ├── production-cluster.yml
-    ├── README.md
-    ├── VERSION
-    └── wazuh-odfe
-        ├── config
-        │   ├── create_user.py
-        │   ├── etc
-        │   │   ├── cont-init.d
-        │   │   │   ├── 0-wazuh-init
-        │   │   │   ├── 1-config-filebeat
-        │   │   │   └── 2-manager
-        │   │   └── services.d
-        │   │       └── filebeat
-        │   │           ├── finish
-        │   │           └── run
-        │   ├── filebeat.yml
-        │   ├── permanent_data.env
-        │   ├── permanent_data.sh
-        │   └── wazuh.repo
-        └── Dockerfile
-
-
-
-## Branches
-
-* `master` branch contains the latest code, be aware of possible bugs on this branch.
-* `stable` branch on correspond to the last Wazuh stable version.
-
-
-## Compatibility Matrix
-
-| Wazuh version | ODFE    | XPACK  |
-|---------------|---------|--------|
-| v4.2.7        | 1.13.2  | 7.11.2 |
-| v4.2.6        | 1.13.2  | 7.11.2 |
-| v4.2.5        | 1.13.2  | 7.11.2 |
-| v4.2.4        | 1.13.2  | 7.11.2 |
-| v4.2.3        | 1.13.2  | 7.11.2 |
-| v4.2.2        | 1.13.2  | 7.11.2 |
-| v4.2.1        | 1.13.2  | 7.11.2 |
-| v4.2.0        | 1.13.2  | 7.10.2 |
-| v4.1.5        | 1.13.2  | 7.10.2 |
-| v4.1.4        | 1.12.0  | 7.10.2 |
-| v4.1.3        | 1.12.0  | 7.10.2 |
-| v4.1.2        | 1.12.0  | 7.10.2 |
-| v4.1.1        | 1.12.0  | 7.10.2 |
-| v4.1.0        | 1.12.0  | 7.10.2 |
-| v4.0.4        | 1.11.0  |        |
-| v4.0.3        | 1.11.0  |        |
-| v4.0.2        | 1.11.0  |        |
-| v4.0.1        | 1.11.0  |        |
-| v4.0.0        | 1.10.1  |        |
-
-## Credits and Thank you
-
-These Docker containers are based on:
-
-*  "deviantony" dockerfiles which can be found at [https://github.com/deviantony/docker-elk](https://github.com/deviantony/docker-elk)
-*  "xetus-oss" dockerfiles, which can be found at [https://github.com/xetus-oss/docker-ossec-server](https://github.com/xetus-oss/docker-ossec-server)
-
-We thank you them and everyone else who has contributed to this project.
-
-## License and copyright
-
-Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-## Web references
-
-[Wazuh website](http://wazuh.com)
+* [Wazuh website](http://wazuh.com)
--- a/2
+++ b/2
@@ -1,2 +0,0 @@
-WAZUH-DOCKER_VERSION="4.2.7"
-REVISION="40222"
--- a/build-from-sources.yml
+++ b/build-from-sources.yml
@@ -1,84 +0,0 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3.7'
-
-services:
-  wazuh:
-    build:  wazuh-odfe/
-    image: wazuh/wazuh-odfe:dev-version
-    hostname: wazuh-manager
-    restart: always
-    ports:
-      - "1514:1514"
-      - "1515:1515"
-      - "514:514/udp"
-      - "55000:55000"
-    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=admin
-      - ELASTIC_PASSWORD=admin
-      - FILEBEAT_SSL_VERIFICATION_MODE=none
-    volumes:
-      - ossec_api_configuration:/var/ossec/api/configuration
-      - ossec_etc:/var/ossec/etc
-      - ossec_logs:/var/ossec/logs
-      - ossec_queue:/var/ossec/queue
-      - ossec_var_multigroups:/var/ossec/var/multigroups
-      - ossec_integrations:/var/ossec/integrations
-      - ossec_active_response:/var/ossec/active-response/bin
-      - ossec_agentless:/var/ossec/agentless
-      - ossec_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
-
-  elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: elasticsearch
-    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - discovery.type=single-node
-      - cluster.name=wazuh-cluster
-      - network.host=0.0.0.0
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-
-  kibana:
-    build: kibana-odfe/
-    image: wazuh/wazuh-kibana-odfe:dev-version
-    hostname: kibana
-    restart: always
-    ports:
-      - 443:5601
-    environment:
-      - ELASTICSEARCH_USERNAME=admin
-      - ELASTICSEARCH_PASSWORD=admin
-      - SERVER_SSL_ENABLED=true
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
-      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
-
-    depends_on:
-      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh:wazuh
-
-volumes:
-  ossec_api_configuration:
-  ossec_etc:
-  ossec_logs:
-  ossec_queue:
-  ossec_var_multigroups:
-  ossec_integrations:
-  ossec_active_response:
-  ossec_agentless:
-  ossec_wodles:
-  filebeat_etc:
-  filebeat_var:
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,82 +1,71 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3.7'
+version: '2'

 services:
  wazuh:
-    image: wazuh/wazuh-odfe:4.2.7
+    image: wazuh/wazuh
    hostname: wazuh-manager
    restart: always
    ports:
-      - "1514:1514"
+      - "1514/udp:1514/udp"
      - "1515:1515"
-      - "514:514/udp"
+      - "514/udp:514/udp"
      - "55000:55000"
+    networks:
+        - docker_elk
+#    volumes:
+#      - my-path:/var/ossec/data
+#      - my-path:/etc/postfix
+    depends_on:
+      - elasticsearch
+  logstash:
+    image: wazuh/wazuh-logstash
+    hostname: logstash
+    restart: always
+    command: -f /etc/logstash/conf.d/
+#    volumes:
+#      - my-path:/etc/logstash/conf.d
+    links:
+     - kibana
+     - elasticsearch
+    ports:
+      - "5000:5000"
+    networks:
+        - docker_elk
+    depends_on:
+      - elasticsearch
    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=admin
-      - ELASTIC_PASSWORD=admin
-      - FILEBEAT_SSL_VERIFICATION_MODE=none
-    volumes:
-      - ossec_api_configuration:/var/ossec/api/configuration
-      - ossec_etc:/var/ossec/etc
-      - ossec_logs:/var/ossec/logs
-      - ossec_queue:/var/ossec/queue
-      - ossec_var_multigroups:/var/ossec/var/multigroups
-      - ossec_integrations:/var/ossec/integrations
-      - ossec_active_response:/var/ossec/active-response/bin
-      - ossec_agentless:/var/ossec/agentless
-      - ossec_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
-
+      - LS_HEAP_SIZE=2048m
  elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
+    image: elasticsearch:5.4.2
    hostname: elasticsearch
    restart: always
+    command: elasticsearch -E node.name="node-1" -E cluster.name="wazuh" -E network.host=0.0.0.0
    ports:
      - "9200:9200"
+      - "9300:9300"
    environment:
-      - discovery.type=single-node
-      - cluster.name=wazuh-cluster
-      - network.host=0.0.0.0
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-
+      ES_JAVA_OPTS: "-Xms2g -Xmx2g"
+#    volumes:
+#      - my-path:/usr/share/elasticsearch/data
+    networks:
+        - docker_elk
  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.7
+    image: wazuh/wazuh-kibana
    hostname: kibana
    restart: always
    ports:
-      - 443:5601
-    environment:
-      - ELASTICSEARCH_USERNAME=admin
-      - ELASTICSEARCH_PASSWORD=admin
-      - SERVER_SSL_ENABLED=true
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/opendistroforelasticsearch.example.org.cert
-      - SERVER_SSL_KEY=/usr/share/kibana/config/opendistroforelasticsearch.example.org.key
-
+      - "5601:5601"
+    networks:
+        - docker_elk
    depends_on:
      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh:wazuh
+    entrypoint: sh wait-for-it.sh elasticsearch
+#    environment:
+#      - "WAZUH_KIBANA_PLUGIN_URL=http://your.repo/wazuhapp-2.0_5.4.2.zip"

-volumes:
-  ossec_api_configuration:
-  ossec_etc:
-  ossec_logs:
-  ossec_queue:
-  ossec_var_multigroups:
-  ossec_integrations:
-  ossec_active_response:
-  ossec_agentless:
-  ossec_wodles:
-  filebeat_etc:
-  filebeat_var:
+networks:
+  docker_elk:
+    driver: bridge
+    ipam:
+      config:
+      - subnet: 172.25.0.0/24
--- a/generate-elasticsearch-certs.yml
+++ b/generate-elasticsearch-certs.yml
@@ -1,17 +0,0 @@
-version: '2.2'
-
-services:
-  generator:
-    container_name: generator
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
-    command: >
-      bash -c '
-        if [[ ! -f config/certificates/bundle.zip ]]; then
-          bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out config/certificates/bundle.zip;
-          unzip config/certificates/bundle.zip -d config/certificates/;
-        fi;
-        chown -R 1000:0 config/certificates
-      '
-    user: "0"
-    working_dir: /usr/share/elasticsearch
-    volumes: ['./xpack:/usr/share/elasticsearch/config/certificates']
--- a/generate-opendistro-certs.yml
+++ b/generate-opendistro-certs.yml
@@ -1,10 +0,0 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3'
-
-services:
-  generator:
-    image: wazuh/opendistro-certs-generator:0.1
-    hostname: opendistro-certs-generator
-    volumes:
-      - ./production_cluster/ssl_certs/certs.yml:/usr/src/config/myconf.yml
-      - ./production_cluster/ssl_certs/:/usr/src/certs/out/ 
--- a/images/image-1.png
+++ b/images/image-1.png
--- a/images/image-2.png
+++ b/images/image-2.png
--- a/kibana-odfe/Dockerfile
+++ b/kibana-odfe/Dockerfile
@@ -1,59 +0,0 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM amazon/opendistro-for-elasticsearch-kibana:1.13.2
-USER kibana
-ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.7
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
-
-WORKDIR /usr/share/kibana
-RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
-
-WORKDIR /
-USER root
-COPY config/entrypoint.sh ./entrypoint.sh
-RUN chmod 755 ./entrypoint.sh
-
-ENV PATTERN="" \
-    CHECKS_PATTERN="" \
-    CHECKS_TEMPLATE="" \
-    CHECKS_API="" \
-    CHECKS_SETUP="" \
-    EXTENSIONS_PCI="" \
-    EXTENSIONS_GDPR="" \
-    EXTENSIONS_HIPAA="" \
-    EXTENSIONS_NIST="" \
-    EXTENSIONS_TSC="" \
-    EXTENSIONS_AUDIT="" \
-    EXTENSIONS_OSCAP="" \
-    EXTENSIONS_CISCAT="" \
-    EXTENSIONS_AWS="" \
-    EXTENSIONS_GCP="" \
-    EXTENSIONS_VIRUSTOTAL="" \
-    EXTENSIONS_OSQUERY="" \
-    EXTENSIONS_DOCKER="" \
-    APP_TIMEOUT="" \
-    API_SELECTOR="" \
-    IP_SELECTOR="" \
-    IP_IGNORE="" \
-    WAZUH_MONITORING_ENABLED="" \
-    WAZUH_MONITORING_FREQUENCY="" \
-    WAZUH_MONITORING_SHARDS="" \
-    WAZUH_MONITORING_REPLICAS="" \
-    ADMIN_PRIVILEGES=""
-
-USER kibana
-
-COPY ./config/custom_welcome /tmp/custom_welcome
-COPY --chown=kibana:kibana ./config/welcome_wazuh.sh ./
-RUN chmod +x ./welcome_wazuh.sh
-ARG CHANGE_WELCOME="true"
-RUN ./welcome_wazuh.sh
-
-COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
-RUN chmod +x ./wazuh_app_config.sh
-
-COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
-RUN chmod +x ./kibana_settings.sh
-
-ENTRYPOINT ./entrypoint.sh
--- a/kibana-odfe/config/custom_welcome/light_theme.style.css
+++ b/kibana-odfe/config/custom_welcome/light_theme.style.css
--- a/kibana-odfe/config/custom_welcome/template.js.hbs
+++ b/kibana-odfe/config/custom_welcome/template.js.hbs
@@ -1,112 +0,0 @@
-var kbnCsp = JSON.parse(document.querySelector('kbn-csp').getAttribute('data'));
-window.__kbnStrictCsp__ = kbnCsp.strictCsp;
-window.__kbnThemeTag__ = "{{themeTag}}";
-window.__kbnPublicPath__ = {{publicPathMap}};
-window.__kbnBundles__ = {{kbnBundlesLoaderSource}}
-
-if (window.__kbnStrictCsp__ && window.__kbnCspNotEnforced__) {
-  var legacyBrowserError = document.getElementById('kbn_legacy_browser_error');
-  legacyBrowserError.style.display = 'flex';
-} else {
-  if (!window.__kbnCspNotEnforced__ && window.console) {
-    window.console.log("^ A single error about an inline script not firing due to content security policy is expected!");
-  }
-  var loadingMessage = document.getElementById('kbn_loading_message');
-  loadingMessage.style.display = 'flex';
-
-  window.onload = function () {
-    //WAZUH 
-      var interval = setInterval(() => {  
-        var title = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--medium > div")
-        if (!!title) {
-          clearInterval(interval);
-	  var content = document.querySelector("#kibana-body > div");
-          content.classList.add("wz-login")
-          title.textContent = "Welcome to Wazuh";
-          var subtitle = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > div.euiText.euiText--small > div")
-          subtitle.textContent = "The Open Source Security Platform";
-          var logo = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul > figure");
-          logo.remove();
-          var logoContainer = document.querySelector("#kibana-body > div > div.app-wrapper.hidden-chrome > div > div.application > div > ul");
-          $(logoContainer).prepend('<span class="loginWelcome__logo"></span>');
-        } 
-      })  
-    //
-
-    function failure() {
-      // make subsequent calls to failure() noop
-      failure = function () {};
-
-      var err = document.createElement('h1');
-      err.style['color'] = 'white';
-      err.style['font-family'] = 'monospace';
-      err.style['text-align'] = 'center';
-      err.style['background'] = '#F44336';
-      err.style['padding'] = '25px';
-      err.innerText = document.querySelector('[data-error-message]').dataset.errorMessage;
-
-      document.body.innerHTML = err.outerHTML;
-    }
-
-    var stylesheetTarget = document.querySelector('head meta[name="add-styles-here"]')
-    function loadStyleSheet(url, cb) {
-      var dom = document.createElement('link');
-      dom.rel = 'stylesheet';
-      dom.type = 'text/css';
-      dom.href = url;
-      dom.addEventListener('error', failure);
-      dom.addEventListener('load', cb);
-      document.head.insertBefore(dom, stylesheetTarget);
-    }
-
-    var scriptsTarget = document.querySelector('head meta[name="add-scripts-here"]')
-    function loadScript(url, cb) {
-      var dom = document.createElement('script');
-      {{!-- NOTE: async = false is used to trigger async-download/ordered-execution as outlined here: https://www.html5rocks.com/en/tutorials/speed/script-loading/ --}}
-      dom.async = false;
-      dom.src = url;
-      dom.addEventListener('error', failure);
-      dom.addEventListener('load', cb);
-      document.head.insertBefore(dom, scriptsTarget);
-    }
-
-    function load(urls, cb) {
-      var pending = urls.length;
-      urls.forEach(function (url) {
-        var innerCb = function () {
-          pending = pending - 1;
-          if (pending === 0 && typeof cb === 'function') {
-            cb();
-          }
-        }
-
-        if (typeof url !== 'string') {
-          load(url, innerCb);
-        } else if (url.slice(-4) === '.css') {
-          loadStyleSheet(url, innerCb);
-        } else {
-          loadScript(url, innerCb);
-        }
-      });
-    }
-
-    load([
-      {{#each jsDependencyPaths}}
-        '{{this}}',
-      {{/each}}
-    ], function () {
-      {{#unless legacyBundlePath}}
-        __kbnBundles__.get('entry/core/public').__kbnBootstrap__();
-      {{/unless}}
-
-      load([
-        {{#if legacyBundlePath}}
-          '{{legacyBundlePath}}',
-        {{/if}}
-        {{#each styleSheetPaths}}
-          '{{this}}',
-        {{/each}}
-      ]);
-    });
-  }
-}
--- a/kibana-odfe/config/custom_welcome/wazuh_logo_circle.svg
+++ b/kibana-odfe/config/custom_welcome/wazuh_logo_circle.svg
@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 84.67 84.67"><defs><style>.a{fill:#fff;}.b{fill:#00a9e5;}</style></defs><title>wazuh_logo_circle</title><circle class="a" cx="42.34" cy="42.34" r="42.34"/><path class="b" d="M58.13,9.2,50,26.32H35.07L26.16,9.2,20,31l-8.53,9.72,19.18,17.6,7.47,17.21h8.53l7-16.91L73.24,40.83l-8.73-9.57ZM48.58,55.13a1.79,1.79,0,0,1-.74.62,2.49,2.49,0,0,1-1,.2,2.52,2.52,0,0,1-1-.2,1.84,1.84,0,0,1-.71-.62l-2.88-4.36-2.9,4.36a1.87,1.87,0,0,1-.72.62,2.48,2.48,0,0,1-.95.2,1.94,1.94,0,0,1-1.7-.82L21.3,41.37h4.09L37.87,52.3l2.49-3.89h3.93L47,52.3,59.63,40.9h3.74Z"/></svg>
--- a/kibana-odfe/config/custom_welcome/wazuh_wazuh_bg.svg
+++ b/kibana-odfe/config/custom_welcome/wazuh_wazuh_bg.svg
--- a/kibana-odfe/config/entrypoint.sh
+++ b/kibana-odfe/config/entrypoint.sh
@@ -1,65 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for elasticsearch
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" == "x" ]; then
-  if [[ ${ENABLED_SECURITY} == "false" ]]; then
-    export el_url="http://elasticsearch:9200"
-  else
-    export el_url="https://elasticsearch:9200"
-  fi
-else
-  export el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" == "x" || "x${ELASTICSEARCH_PASSWORD}" == "x" ]]; then
-  auth=""
-  # remove security plugin from kibana if elasticsearch is not using it either
-  /usr/share/kibana/bin/kibana-plugin remove opendistro_security
-else
-  export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
-fi
-
-until curl -XGET $el_url ${auth}; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
-  template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
-  strlen=${#template}
-  >&2 echo "Wazuh alerts template not loaded - sleeping."
-  sleep 2
-done
-
-sleep 2
-
->&2 echo "Wazuh alerts template is loaded."
-
-
-./wazuh_app_config.sh
-
-sleep 5
-
-./kibana_settings.sh &
-
-sleep 2
-
-/usr/local/bin/kibana-docker
--- a/kibana-odfe/config/kibana_settings.sh
+++ b/kibana-odfe/config/kibana_settings.sh
@@ -1,58 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-WAZUH_MAJOR=4
-
-##############################################################################
-# Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them.
-#
-# The following actions are performed:
-#
-# Add the wazuh alerts index as default.
-# Set the Discover time interval to 24 hours instead of 15 minutes.
-# Do not ask user to help providing usage statistics to Elastic.
-##############################################################################
-
-##############################################################################
-# Customize elasticsearch ip
-##############################################################################
-sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
-
-# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
-  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
-fi
-
-while [[ "$(curl -XGET -I  -s -o /dev/null -w '%{http_code}' -k https://127.0.0.1:5601/app/login)" != "200" ]]; do
-  echo "Waiting for Kibana API. Sleeping 5 seconds"
-  sleep 5
-done
-
-# Prepare index selection.
-echo "Kibana API is running"
-
-default_index="/tmp/default_index.json"
-
-cat > ${default_index} << EOF
-{
-  "changes": {
-    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
-  }
-}
-EOF
-
-sleep 5
-# Add the wazuh alerts index as default.
-curl ${auth} -POST -k https://127.0.0.1:5601/api/kibana/settings -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
-rm -f ${default_index}
-
-sleep 5
-# Configuring Kibana TimePicker.
-curl ${auth} -POST -k "https://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
-
-echo "End settings"
--- a/kibana-odfe/config/wazuh.yml
+++ b/kibana-odfe/config/wazuh.yml
@@ -1,162 +0,0 @@
---
-#
-# Wazuh app - App configuration file
-# Copyright (C) 2015-2021 Wazuh, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Find more information about this on the LICENSE file.
-#
-# ======================== Wazuh app configuration file ========================
-#
-# Please check the documentation for more information on configuration options:
-# https://documentation.wazuh.com/current/installation-guide/index.html
-#
-# Also, you can check our repository:
-# https://github.com/wazuh/wazuh-kibana-app
-#
-# ------------------------------- Index patterns -------------------------------
-#
-# Default index pattern to use.
-#pattern: wazuh-alerts-*
-#
-# ----------------------------------- Checks -----------------------------------
-#
-# Defines which checks must to be consider by the healthcheck
-# step once the Wazuh app starts. Values must to be true or false.
-#checks.pattern : true
-#checks.template: true
-#checks.api     : true
-#checks.setup   : true
-#checks.metaFields: true
-#
-# --------------------------------- Extensions ---------------------------------
-#
-# Defines which extensions should be activated when you add a new API entry.
-# You can change them after Wazuh app starts.
-# Values must to be true or false.
-#extensions.pci       : true
-#extensions.gdpr      : true
-#extensions.hipaa     : true
-#extensions.nist      : true
-#extensions.tsc       : true
-#extensions.audit     : true
-#extensions.oscap     : false
-#extensions.ciscat    : false
-#extensions.aws       : false
-#extensions.gcp       : false
-#extensions.virustotal: false
-#extensions.osquery   : false
-#extensions.docker    : false
-#
-# ---------------------------------- Time out ----------------------------------
-#
-# Defines maximum timeout to be used on the Wazuh app requests.
-# It will be ignored if it is bellow 1500.
-# It means milliseconds before we consider a request as failed.
-# Default: 20000
-#timeout: 20000
-#
-# -------------------------------- API selector --------------------------------
-#
-# Defines if the user is allowed to change the selected
-# API directly from the Wazuh app top menu.
-# Default: true
-#api.selector: true
-#
-# --------------------------- Index pattern selector ---------------------------
-#
-# Defines if the user is allowed to change the selected
-# index pattern directly from the Wazuh app top menu.
-# Default: true
-#ip.selector: true
-#
-# List of index patterns to be ignored
-#ip.ignore: []
-#
-# -------------------------------- X-Pack RBAC ---------------------------------
-#
-# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
-# Default: enabled
-#xpack.rbac.enabled: true
-#
-# ------------------------------ wazuh-monitoring ------------------------------
-#
-# Custom setting to enable/disable wazuh-monitoring indices.
-# Values: true, false, worker
-# If worker is given as value, the app will show the Agents status
-# visualization but won't insert data on wazuh-monitoring indices.
-# Default: true
-#wazuh.monitoring.enabled: true
-#
-# Custom setting to set the frequency for wazuh-monitoring indices cron task.
-# Default: 900 (s)
-#wazuh.monitoring.frequency: 900
-#
-# Configure wazuh-monitoring-* indices shards and replicas.
-#wazuh.monitoring.shards: 2
-#wazuh.monitoring.replicas: 0
-#
-# Configure wazuh-monitoring-* indices custom creation interval.
-# Values: h (hourly), d (daily), w (weekly), m (monthly)
-# Default: d
-#wazuh.monitoring.creation: d
-#
-# Default index pattern to use for Wazuh monitoring
-#wazuh.monitoring.pattern: wazuh-monitoring-*
-#
-# --------------------------------- wazuh-cron ----------------------------------
-#
-# Customize the index prefix of predefined jobs
-# This change is not retroactive, if you change it new indexes will be created
-# cron.prefix: test
-#
-# ------------------------------ wazuh-statistics -------------------------------
-#
-# Custom setting to enable/disable statistics tasks.
-#cron.statistics.status: true
-#
-# Enter the ID of the APIs you want to save data from, leave this empty to run
-# the task on all configured APIs
-#cron.statistics.apis: []
-#
-# Define the frequency of task execution using cron schedule expressions
-#cron.statistics.interval: 0 0 * * * *
-#
-# Define the name of the index in which the documents are to be saved.
-#cron.statistics.index.name: statistics
-#
-# Define the interval in which the index will be created
-#cron.statistics.index.creation: w
-#
-# ------------------------------- App privileges --------------------------------
-#admin: true
-#
-# ---------------------------- Hide manager alerts ------------------------------
-# Hide the alerts of the manager in all dashboards and discover
-#hideManagerAlerts: false
-#
-# ------------------------------- App logging level -----------------------------
-# Set the logging level for the Wazuh App log files.
-# Default value: info
-# Allowed values: info, debug
-#logs.level: info
-#
-# -------------------------------- Enrollment DNS -------------------------------
-# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
-# Default value: ''
-#enrollment.dns: ''
-#
-#-------------------------------- API entries -----------------------------------
-#The following configuration is the default structure to define an API entry.
-#
-#hosts:
-#  - <id>:
-#     url: http(s)://<url>
-#     port: <port>
-#     username: <username>
-#     password: <password>
-
--- a/kibana-odfe/config/wazuh_app_config.sh
+++ b/kibana-odfe/config/wazuh_app_config.sh
@@ -1,64 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-wazuh_url="${WAZUH_API_URL:-https://wazuh}"
-wazuh_port="${API_PORT:-55000}"
-api_username="${API_USERNAME:-wazuh-wui}"
-api_password="${API_PASSWORD:-wazuh-wui}"
-
-kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
-
-declare -A CONFIG_MAP=(
-  [pattern]=$PATTERN
-  [checks.pattern]=$CHECKS_PATTERN
-  [checks.template]=$CHECKS_TEMPLATE
-  [checks.api]=$CHECKS_API
-  [checks.setup]=$CHECKS_SETUP
-  [extensions.pci]=$EXTENSIONS_PCI
-  [extensions.gdpr]=$EXTENSIONS_GDPR
-  [extensions.hipaa]=$EXTENSIONS_HIPAA
-  [extensions.nist]=$EXTENSIONS_NIST
-  [extensions.tsc]=$EXTENSIONS_TSC
-  [extensions.audit]=$EXTENSIONS_AUDIT
-  [extensions.oscap]=$EXTENSIONS_OSCAP
-  [extensions.ciscat]=$EXTENSIONS_CISCAT
-  [extensions.aws]=$EXTENSIONS_AWS
-  [extensions.gcp]=$EXTENSIONS_GCP
-  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
-  [extensions.osquery]=$EXTENSIONS_OSQUERY
-  [extensions.docker]=$EXTENSIONS_DOCKER
-  [timeout]=$APP_TIMEOUT
-  [api.selector]=$API_SELECTOR
-  [ip.selector]=$IP_SELECTOR
-  [ip.ignore]=$IP_IGNORE
-  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
-  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
-  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
-  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
-  [admin]=$ADMIN_PRIVILEGES
-)
-
-for i in "${!CONFIG_MAP[@]}"
-do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-done
-
-CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
-
-grep -q 1513629884013 $kibana_config_file
-_config_exists=$?
-
-if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
-cat << EOF >> $kibana_config_file
-hosts:
-  - 1513629884013:
-      url: $wazuh_url
-      port: $wazuh_port
-      username: $api_username
-      password: $api_password
-EOF
-else
-  echo "Wazuh APP already configured"
-fi
--- a/kibana-odfe/config/welcome_wazuh.sh
+++ b/kibana-odfe/config/welcome_wazuh.sh
@@ -1,14 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-if [[ $CHANGE_WELCOME == "true" ]]
-then
-    echo "Set Wazuh app as the default landing page"
-    echo "server.defaultRoute: /app/wazuh?security_tenant=global" >> /usr/share/kibana/config/kibana.yml
-
-    echo "Set custom welcome styles"
-    cp -f /tmp/custom_welcome/template.js.hbs /usr/share/kibana/src/legacy/ui/ui_render/bootstrap/template.js.hbs
-    cp -f /tmp/custom_welcome/light_theme.style.css /usr/share/kibana/src/core/server/core_app/assets/legacy_light_theme.css
-    cp -f /tmp/custom_welcome/*svg /usr/share/kibana/src/core/server/core_app/assets/
-fi
-
--- a/kibana/Dockerfile
+++ b/kibana/Dockerfile
@@ -1,64 +1,7 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM docker.elastic.co/kibana/kibana:7.10.2
-USER kibana
-ARG ELASTIC_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.7
-ARG WAZUH_APP_VERSION="${WAZUH_VERSION}_${ELASTIC_VERSION}"
+FROM kibana:5.4.2

-WORKDIR /usr/share/kibana
-RUN ./bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-${WAZUH_APP_VERSION}-1.zip
+RUN apt-get update && apt-get install -y curl

-ENV PATTERN="" \
-    CHECKS_PATTERN="" \
-    CHECKS_TEMPLATE="" \
-    CHECKS_API="" \
-    CHECKS_SETUP="" \
-    EXTENSIONS_PCI="" \
-    EXTENSIONS_GDPR="" \
-    EXTENSIONS_HIPAA="" \
-    EXTENSIONS_NIST="" \
-    EXTENSIONS_TSC="" \
-    EXTENSIONS_AUDIT="" \
-    EXTENSIONS_OSCAP="" \
-    EXTENSIONS_CISCAT="" \
-    EXTENSIONS_AWS="" \
-    EXTENSIONS_GCP="" \
-    EXTENSIONS_VIRUSTOTAL="" \
-    EXTENSIONS_OSQUERY="" \
-    EXTENSIONS_DOCKER="" \
-    APP_TIMEOUT="" \
-    API_SELECTOR="" \
-    IP_SELECTOR="" \
-    IP_IGNORE="" \
-    WAZUH_MONITORING_ENABLED="" \
-    WAZUH_MONITORING_FREQUENCY="" \
-    WAZUH_MONITORING_SHARDS="" \
-    WAZUH_MONITORING_REPLICAS="" \
-    ADMIN_PRIVILEGES="" \
-    XPACK_CANVAS="true" \
-    XPACK_LOGS="true"   \
-    XPACK_INFRA="true"  \
-    XPACK_ML="true" \
-    XPACK_DEVTOOLS="true"   \
-    XPACK_MONITORING="true" \
-    XPACK_APM="true"
+COPY ./config/kibana.yml /opt/kibana/config/kibana.yml

-WORKDIR /
-USER kibana
-
-COPY --chown=kibana:kibana config/entrypoint.sh ./entrypoint.sh
-RUN chmod 755 ./entrypoint.sh
-
-RUN printf "\nserver.defaultRoute: /app/wazuh\n" >> /usr/share/kibana/config/kibana.yml
-
-COPY --chown=kibana:kibana ./config/wazuh.yml /usr/share/kibana/data/wazuh/config/wazuh.yml
-COPY --chown=kibana:kibana ./config/wazuh_app_config.sh ./
-RUN chmod +x ./wazuh_app_config.sh
-
-COPY --chown=kibana:kibana ./config/kibana_settings.sh ./
-RUN chmod +x ./kibana_settings.sh
-
-COPY --chown=kibana:kibana ./config/xpack_config.sh ./
-RUN chmod +x ./xpack_config.sh
-
-ENTRYPOINT ./entrypoint.sh
+COPY config/wait-for-it.sh /
--- a/kibana/config/entrypoint.sh
+++ b/kibana/config/entrypoint.sh
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-##############################################################################
-# Waiting for elasticsearch
-##############################################################################
-
-if [ "x${ELASTICSEARCH_URL}" = "x" ]; then
-  export el_url="http://elasticsearch:9200"
-else
-  export el_url="${ELASTICSEARCH_URL}"
-fi
-
-if [[ ${ENABLED_SECURITY} == "false" || "x${ELASTICSEARCH_USERNAME}" = "x" || "x${ELASTICSEARCH_PASSWORD}" = "x" ]]; then
-  export auth=""
-else
-  export auth="--user ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} -k"
-fi
-
-until curl -XGET $el_url ${auth}; do
-  >&2 echo "Elastic is unavailable - sleeping"
-  sleep 5
-done
-
-sleep 2
-
->&2 echo "Elasticsearch is up."
-
-
-##############################################################################
-# Waiting for wazuh alerts template
-##############################################################################
-
-strlen=0
-
-while [[ $strlen -eq 0 ]]
-do
-  template=$(curl ${auth} $el_url/_cat/templates/wazuh -s)
-  strlen=${#template}
-  >&2 echo "Wazuh alerts template not loaded - sleeping."
-  sleep 2
-done
-
-sleep 2
-
->&2 echo "Wazuh alerts template is loaded."
-
-./xpack_config.sh
-
-./wazuh_app_config.sh
-
-sleep 5
-
-./kibana_settings.sh &
-
-sleep 2
-
-/usr/local/bin/kibana-docker
--- a/kibana/config/kibana.yml
+++ b/kibana/config/kibana.yml
@@ -0,0 +1,92 @@
+# Kibana is served by a back end server. This setting specifies the port to use.
+server.port: 5601
+
+# This setting specifies the IP address of the back end server.
+server.host: "0.0.0.0"
+
+# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
+# cannot end in a slash.
+# server.basePath: ""
+
+# The maximum payload size in bytes for incoming server requests.
+# server.maxPayloadBytes: 1048576
+
+# The Kibana server's name.  This is used for display purposes.
+# server.name: "your-hostname"
+
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.url: "http://elasticsearch:9200"
+
+# When this setting’s value is true Kibana uses the hostname specified in the server.host
+# setting. When the value of this setting is false, Kibana uses the hostname of the host
+# that connects to this Kibana instance.
+# elasticsearch.preserveHost: true
+
+# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
+# dashboards. Kibana creates a new index if the index doesn’t already exist.
+# kibana.index: ".kibana"
+
+# The default application to load.
+# kibana.defaultAppId: "discover"
+
+# If your Elasticsearch is protected with basic authentication, these settings provide
+# the username and password that the Kibana server uses to perform maintenance on the Kibana
+# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
+# is proxied through the Kibana server.
+# elasticsearch.username: "user"
+# elasticsearch.password: "pass"
+
+# Paths to the PEM-format SSL certificate and SSL key files, respectively. These
+# files enable SSL for outgoing requests from the Kibana server to the browser.
+# server.ssl.cert: /path/to/your/server.crt
+# server.ssl.key: /path/to/your/server.key
+
+# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
+# These files validate that your Elasticsearch backend uses the same key files.
+# elasticsearch.ssl.cert: /path/to/your/client.crt
+# elasticsearch.ssl.key: /path/to/your/client.key
+
+# Optional setting that enables you to specify a path to the PEM file for the certificate
+# authority for your Elasticsearch instance.
+# elasticsearch.ssl.ca: /path/to/your/CA.pem
+
+# To disregard the validity of SSL certificates, change this setting’s value to false.
+# elasticsearch.ssl.verify: true
+
+# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
+# the elasticsearch.requestTimeout setting.
+# elasticsearch.pingTimeout: 1500
+
+# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
+# must be a positive integer.
+# elasticsearch.requestTimeout: 30000
+
+# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
+# headers, set this value to [] (an empty list).
+# elasticsearch.requestHeadersWhitelist: [ authorization ]
+
+# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
+# elasticsearch.shardTimeout: 0
+
+# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
+# elasticsearch.startupTimeout: 5000
+
+# Specifies the path where Kibana creates the process ID file.
+# pid.file: /var/run/kibana.pid
+
+# Enables you specify a file where Kibana stores log output.
+# logging.dest: stdout
+
+# Set the value of this setting to true to suppress all logging output.
+# logging.silent: false
+
+# Set the value of this setting to true to suppress all logging output other than error messages.
+# logging.quiet: false
+
+# Set the value of this setting to true to log all events, including system usage information
+# and all requests.
+# logging.verbose: false
+
+# Set the interval in milliseconds to sample system and process performance
+# metrics. Minimum is 100ms. Defaults to 10000.
+# ops.interval: 10000
--- a/kibana/config/kibana_settings.sh
+++ b/kibana/config/kibana_settings.sh
@@ -1,79 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-WAZUH_MAJOR=4
-
-##############################################################################
-# Wait for the Kibana API to start. It is necessary to do it in this container
-# because the others are running Elastic Stack and we can not interrupt them.
-#
-# The following actions are performed:
-#
-# Add the wazuh alerts index as default.
-# Set the Discover time interval to 24 hours instead of 15 minutes.
-# Do not ask user to help providing usage statistics to Elastic.
-##############################################################################
-
-##############################################################################
-# Customize elasticsearch ip
-##############################################################################
-sed -i "s|elasticsearch.hosts:.*|elasticsearch.hosts: $el_url|g" /usr/share/kibana/config/kibana.yml
-
-# If KIBANA_INDEX was set, then change the default index in kibana.yml configuration file. If there was an index, then delete it and recreate.
-if [ "$KIBANA_INDEX" != "" ]; then
-  if grep -q 'kibana.index' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/kibana.index/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "kibana.index: $KIBANA_INDEX" >> /usr/share/kibana/config/kibana.yml
-fi
-
-kibana_proto="http"
-
-if [ "$XPACK_SECURITY_ENABLED" != "" ]; then
-  kibana_proto="https"
-  if grep -q 'xpack.security.enabled' /usr/share/kibana/config/kibana.yml; then
-    sed -i '/xpack.security.enabled/d' /usr/share/kibana/config/kibana.yml
-  fi
-    echo "xpack.security.enabled: $XPACK_SECURITY_ENABLED" >> /usr/share/kibana/config/kibana.yml
-fi
-
-# Add auth headers if required
-if [ "$ELASTICSEARCH_USERNAME" != "" ] && [ "$ELASTICSEARCH_PASSWORD" != "" ]; then
-    curl_auth="-u $ELASTICSEARCH_USERNAME:$ELASTICSEARCH_PASSWORD"
-fi
-
-while [[ "$(curl $curl_auth -XGET -I  -s -o /dev/null -w ''%{http_code}'' -k $kibana_proto://127.0.0.1:5601/status)" != "200" ]]; do
-  echo "Waiting for Kibana API. Sleeping 5 seconds"
-  sleep 5
-done
-
-
-
-# Prepare index selection.
-echo "Kibana API is running"
-
-default_index="/tmp/default_index.json"
-
-cat > ${default_index} << EOF
-{
-  "changes": {
-    "defaultIndex": "wazuh-alerts-${WAZUH_MAJOR}.x-*"
-  }
-}
-EOF
-
-sleep 5
-# Add the wazuh alerts index as default.
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d@${default_index}
-rm -f ${default_index}
-
-sleep 5
-# Configuring Kibana TimePicker.
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/kibana/settings" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d \
-'{"changes":{"timepicker:timeDefaults":"{\n  \"from\": \"now-12h\",\n  \"to\": \"now\"}"}}'
-
-sleep 5
-# Do not ask user to help providing usage statistics to Elastic
-curl ${auth} -POST -k "$kibana_proto://127.0.0.1:5601/api/telemetry/v2/optIn" -H "Content-Type: application/json" -H "kbn-xsrf: true" -d '{"enabled":false}'
-
-echo "End settings"
--- a/kibana/config/wait-for-it.sh
+++ b/kibana/config/wait-for-it.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+host="$1"
+shift
+cmd="kibana"
+WAZUH_KIBANA_PLUGIN_URL=${WAZUH_KIBANA_PLUGIN_URL:-https://packages.wazuh.com/wazuhapp/wazuhapp-2.0_5.4.2.zip}
+
+until curl -XGET $host:9200; do
+  >&2 echo "Elastic is unavailable - sleeping"
+  sleep 1
+done
+
+sleep 30
+
+>&2 echo "Elastic is up - executing command"
+
+if /usr/share/kibana/bin/kibana-plugin list | grep wazuh; then
+  echo "Wazuh APP already installed"
+else
+  /usr/share/kibana/bin/kibana-plugin install ${WAZUH_KIBANA_PLUGIN_URL}
+fi
+
+exec $cmd
--- a/kibana/config/wazuh.yml
+++ b/kibana/config/wazuh.yml
@@ -1,162 +0,0 @@
---
-#
-# Wazuh app - App configuration file
-# Copyright (C) 2015-2021 Wazuh, Inc.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Find more information about this on the LICENSE file.
-#
-# ======================== Wazuh app configuration file ========================
-#
-# Please check the documentation for more information on configuration options:
-# https://documentation.wazuh.com/current/installation-guide/index.html
-#
-# Also, you can check our repository:
-# https://github.com/wazuh/wazuh-kibana-app
-#
-# ------------------------------- Index patterns -------------------------------
-#
-# Default index pattern to use.
-#pattern: wazuh-alerts-*
-#
-# ----------------------------------- Checks -----------------------------------
-#
-# Defines which checks must to be consider by the healthcheck
-# step once the Wazuh app starts. Values must to be true or false.
-#checks.pattern : true
-#checks.template: true
-#checks.api     : true
-#checks.setup   : true
-#checks.metaFields: true
-#
-# --------------------------------- Extensions ---------------------------------
-#
-# Defines which extensions should be activated when you add a new API entry.
-# You can change them after Wazuh app starts.
-# Values must to be true or false.
-#extensions.pci       : true
-#extensions.gdpr      : true
-#extensions.hipaa     : true
-#extensions.nist      : true
-#extensions.tsc       : true
-#extensions.audit     : true
-#extensions.oscap     : false
-#extensions.ciscat    : false
-#extensions.aws       : false
-#extensions.gcp       : false
-#extensions.virustotal: false
-#extensions.osquery   : false
-#extensions.docker    : false
-#
-# ---------------------------------- Time out ----------------------------------
-#
-# Defines maximum timeout to be used on the Wazuh app requests.
-# It will be ignored if it is bellow 1500.
-# It means milliseconds before we consider a request as failed.
-# Default: 20000
-#timeout: 20000
-#
-# -------------------------------- API selector --------------------------------
-#
-# Defines if the user is allowed to change the selected
-# API directly from the Wazuh app top menu.
-# Default: true
-#api.selector: true
-#
-# --------------------------- Index pattern selector ---------------------------
-#
-# Defines if the user is allowed to change the selected
-# index pattern directly from the Wazuh app top menu.
-# Default: true
-#ip.selector: true
-#
-# List of index patterns to be ignored
-#ip.ignore: []
-#
-# -------------------------------- X-Pack RBAC ---------------------------------
-#
-# Custom setting to enable/disable built-in X-Pack RBAC security capabilities.
-# Default: enabled
-#xpack.rbac.enabled: true
-#
-# ------------------------------ wazuh-monitoring ------------------------------
-#
-# Custom setting to enable/disable wazuh-monitoring indices.
-# Values: true, false, worker
-# If worker is given as value, the app will show the Agents status
-# visualization but won't insert data on wazuh-monitoring indices.
-# Default: true
-#wazuh.monitoring.enabled: true
-#
-# Custom setting to set the frequency for wazuh-monitoring indices cron task.
-# Default: 900 (s)
-#wazuh.monitoring.frequency: 900
-#
-# Configure wazuh-monitoring-* indices shards and replicas.
-#wazuh.monitoring.shards: 2
-#wazuh.monitoring.replicas: 0
-#
-# Configure wazuh-monitoring-* indices custom creation interval.
-# Values: h (hourly), d (daily), w (weekly), m (monthly)
-# Default: d
-#wazuh.monitoring.creation: d
-#
-# Default index pattern to use for Wazuh monitoring
-#wazuh.monitoring.pattern: wazuh-monitoring-*
-#
-# --------------------------------- wazuh-cron ----------------------------------
-#
-# Customize the index prefix of predefined jobs
-# This change is not retroactive, if you change it new indexes will be created
-# cron.prefix: test
-#
-# ------------------------------ wazuh-statistics -------------------------------
-#
-# Custom setting to enable/disable statistics tasks.
-#cron.statistics.status: true
-#
-# Enter the ID of the APIs you want to save data from, leave this empty to run
-# the task on all configured APIs
-#cron.statistics.apis: []
-#
-# Define the frequency of task execution using cron schedule expressions
-#cron.statistics.interval: 0 0 * * * *
-#
-# Define the name of the index in which the documents are to be saved.
-#cron.statistics.index.name: statistics
-#
-# Define the interval in which the index will be created
-#cron.statistics.index.creation: w
-#
-# ------------------------------- App privileges --------------------------------
-#admin: true
-#
-# ---------------------------- Hide manager alerts ------------------------------
-# Hide the alerts of the manager in all dashboards and discover
-#hideManagerAlerts: false
-#
-# ------------------------------- App logging level -----------------------------
-# Set the logging level for the Wazuh App log files.
-# Default value: info
-# Allowed values: info, debug
-#logs.level: info
-#
-# -------------------------------- Enrollment DNS -------------------------------
-# Set the variable WAZUH_REGISTRATION_SERVER in agents deployment.
-# Default value: ''
-#enrollment.dns: ''
-#
-#-------------------------------- API entries -----------------------------------
-#The following configuration is the default structure to define an API entry.
-#
-#hosts:
-#  - <id>:
-#     url: http(s)://<url>
-#     port: <port>
-#     username: <username>
-#     password: <password>
-
--- a/kibana/config/wazuh_app_config.sh
+++ b/kibana/config/wazuh_app_config.sh
@@ -1,64 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-wazuh_url="${WAZUH_API_URL:-https://wazuh}"
-wazuh_port="${API_PORT:-55000}"
-api_username="${API_USERNAME:-wazuh-wui}"
-api_password="${API_PASSWORD:-wazuh-wui}"
-
-kibana_config_file="/usr/share/kibana/data/wazuh/config/wazuh.yml"
-
-declare -A CONFIG_MAP=(
-  [pattern]=$PATTERN
-  [checks.pattern]=$CHECKS_PATTERN
-  [checks.template]=$CHECKS_TEMPLATE
-  [checks.api]=$CHECKS_API
-  [checks.setup]=$CHECKS_SETUP
-  [extensions.pci]=$EXTENSIONS_PCI
-  [extensions.gdpr]=$EXTENSIONS_GDPR
-  [extensions.hipaa]=$EXTENSIONS_HIPAA
-  [extensions.nist]=$EXTENSIONS_NIST
-  [extensions.tsc]=$EXTENSIONS_TSC
-  [extensions.audit]=$EXTENSIONS_AUDIT
-  [extensions.oscap]=$EXTENSIONS_OSCAP
-  [extensions.ciscat]=$EXTENSIONS_CISCAT
-  [extensions.aws]=$EXTENSIONS_AWS
-  [extensions.gcp]=$EXTENSIONS_GCP
-  [extensions.virustotal]=$EXTENSIONS_VIRUSTOTAL
-  [extensions.osquery]=$EXTENSIONS_OSQUERY
-  [extensions.docker]=$EXTENSIONS_DOCKER
-  [timeout]=$APP_TIMEOUT
-  [api.selector]=$API_SELECTOR
-  [ip.selector]=$IP_SELECTOR
-  [ip.ignore]=$IP_IGNORE
-  [wazuh.monitoring.enabled]=$WAZUH_MONITORING_ENABLED
-  [wazuh.monitoring.frequency]=$WAZUH_MONITORING_FREQUENCY
-  [wazuh.monitoring.shards]=$WAZUH_MONITORING_SHARDS
-  [wazuh.monitoring.replicas]=$WAZUH_MONITORING_REPLICAS
-  [admin]=$ADMIN_PRIVILEGES
-)
-
-for i in "${!CONFIG_MAP[@]}"
-do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-        sed -i 's/.*#'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-done
-
-CONFIG_CODE=$(curl ${auth} -s -o /dev/null -w "%{http_code}" -XGET $el_url/.wazuh/_doc/1513629884013)
-
-grep -q 1513629884013 $kibana_config_file
-_config_exists=$?
-
-if [[ "x$CONFIG_CODE" != "x200" && $_config_exists -ne 0 ]]; then
-cat << EOF >> $kibana_config_file
-hosts:
-  - 1513629884013:
-      url: $wazuh_url
-      port: $wazuh_port
-      username: $api_username
-      password: $api_password
-EOF
-else
-  echo "Wazuh APP already configured"
-fi
--- a/kibana/config/xpack_config.sh
+++ b/kibana/config/xpack_config.sh
@@ -1,35 +0,0 @@
-#!/bin/bash
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-kibana_config_file="/usr/share/kibana/config/kibana.yml"
-if grep -Fq  "#xpack features" "$kibana_config_file";
-then
-  declare -A CONFIG_MAP=(
-    [xpack.apm.ui.enabled]=$XPACK_APM
-    [xpack.grokdebugger.enabled]=$XPACK_DEVTOOLS
-    [xpack.searchprofiler.enabled]=$XPACK_DEVTOOLS
-    [xpack.ml.enabled]=$XPACK_ML
-    [xpack.canvas.enabled]=$XPACK_CANVAS
-    [xpack.infra.enabled]=$XPACK_INFRA
-    [xpack.monitoring.enabled]=$XPACK_MONITORING
-    [console.enabled]=$XPACK_DEVTOOLS
-  )
-  for i in "${!CONFIG_MAP[@]}"
-  do
-    if [ "${CONFIG_MAP[$i]}" != "" ]; then
-      sed -i 's/.'"$i"'.*/'"$i"': '"${CONFIG_MAP[$i]}"'/' $kibana_config_file
-    fi
-  done
-else
-  echo "
-#xpack features
-xpack.apm.ui.enabled: $XPACK_APM
-xpack.grokdebugger.enabled: $XPACK_DEVTOOLS
-xpack.searchprofiler.enabled: $XPACK_DEVTOOLS
-xpack.ml.enabled: $XPACK_ML
-xpack.canvas.enabled: $XPACK_CANVAS
-xpack.infra.enabled: $XPACK_INFRA
-xpack.monitoring.enabled: $XPACK_MONITORING
-console.enabled: $XPACK_DEVTOOLS
-" >> $kibana_config_file
-fi
--- a/logstash/Dockerfile
+++ b/logstash/Dockerfile
@@ -0,0 +1,12 @@
+FROM logstash:5.4.2
+
+RUN apt-get update
+
+COPY config/logstash.conf /etc/logstash/conf.d/logstash.conf
+COPY config/wazuh-elastic5-template.json /etc/logstash/wazuh-elastic5-template.json
+
+
+ADD config/run.sh /tmp/run.sh
+RUN chmod 755 /tmp/run.sh
+
+ENTRYPOINT ["/tmp/run.sh"]
--- a/logstash/config/logstash.conf
+++ b/logstash/config/logstash.conf
@@ -0,0 +1,43 @@
+# Wazuh - Logstash configuration file
+## Remote Wazuh Manager - Filebeat input
+input {
+    beats {
+        port => 5000
+        codec => "json_lines"
+#        ssl => true
+#        ssl_certificate => "/etc/logstash/logstash.crt"
+#        ssl_key => "/etc/logstash/logstash.key"
+    }
+}
+## Local Wazuh Manager - JSON file input
+#input {
+#   file {
+#       type => "wazuh-alerts"
+#       path => "/var/ossec/logs/alerts/alerts.json"
+#       codec => "json"
+#   }
+#}
+filter {
+    geoip {
+        source => "srcip"
+        target => "GeoLocation"
+        fields => ["city_name", "continent_code", "country_code2", "country_name", "region_name", "location"]
+    }
+    date {
+        match => ["timestamp", "ISO8601"]
+        target => "@timestamp"
+    }
+    mutate {
+        remove_field => [ "timestamp", "beat", "fields", "input_type", "tags", "count", "@version", "log", "offset", "type"]
+    }
+}
+output {
+    elasticsearch {
+        hosts => ["elasticsearch:9200"]
+        index => "wazuh-alerts-%{+YYYY.MM.dd}"
+        document_type => "wazuh"
+        template => "/etc/logstash/wazuh-elastic5-template.json"
+        template_name => "wazuh"
+        template_overwrite => true
+    }
+}
--- a/logstash/config/run.sh
+++ b/logstash/config/run.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+#
+
+#
+# Apply Templates
+#
+
+set -e
+host="elasticsearch"
+until curl -XGET $host:9200; do
+  >&2 echo "Elastic is unavailable - sleeping"
+  sleep 1
+done
+
+# Add logstash as command if needed
+if [ "${1:0:1}" = '-' ]; then
+	set -- logstash "$@"
+fi
+
+# Run as user "logstash" if the command is "logstash"
+if [ "$1" = 'logstash' ]; then
+	set -- gosu logstash "$@"
+fi
+
+exec "$@"
--- a/logstash/config/wazuh-elastic5-template.json
+++ b/logstash/config/wazuh-elastic5-template.json
@@ -0,0 +1,620 @@
+{
+  "order": 0,
+  "template": "wazuh*",
+  "settings": {
+    "index.refresh_interval": "5s"
+  },
+  "mappings": {
+    "wazuh": {
+      "dynamic_templates": [
+        {
+          "string_as_keyword": {
+            "match_mapping_type": "string",
+            "mapping": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        }
+      ],
+      "properties": {
+        "@timestamp": {
+          "type": "date",
+          "format": "dateOptionalTime"
+        },
+        "@version": {
+          "type": "text"
+        },
+        "agent": {
+          "properties": {
+            "ip": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "name": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        },
+        "manager": {
+          "properties": {
+            "name": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        },
+        "dstuser": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "AlertsFile": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "full_log": {
+          "type": "text"
+        },
+        "previous_log": {
+          "type": "text"
+        },
+        "GeoLocation": {
+          "properties": {
+            "area_code": {
+              "type": "long"
+            },
+            "city_name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "continent_code": {
+              "type": "text"
+            },
+            "coordinates": {
+              "type": "double"
+            },
+            "country_code2": {
+              "type": "text"
+            },
+            "country_code3": {
+              "type": "text"
+            },
+            "country_name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "dma_code": {
+              "type": "long"
+            },
+            "ip": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "latitude": {
+              "type": "double"
+            },
+            "location": {
+              "type": "geo_point"
+            },
+            "longitude": {
+              "type": "double"
+            },
+            "postal_code": {
+              "type": "keyword"
+            },
+            "real_region_name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "region_name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "timezone": {
+              "type": "text"
+            }
+          }
+        },
+        "host": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "syscheck": {
+          "properties": {
+            "path": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "sha1_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "sha1_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "uid_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "uid_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "gid_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "gid_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "perm_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "perm_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "md5_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "md5_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "gname_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "gname_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "inode_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "inode_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "mtime_after": {
+              "type": "date",
+              "format": "dateOptionalTime",
+              "doc_values": "true"
+            },
+            "mtime_before": {
+              "type": "date",
+              "format": "dateOptionalTime",
+              "doc_values": "true"
+            },
+            "uname_after": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "uname_before": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "size_before": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "size_after": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "diff": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "event": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        },
+        "location": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "message": {
+          "type": "text"
+        },
+        "offset": {
+          "type": "keyword"
+        },
+        "rule": {
+          "properties": {
+            "description": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "groups": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "level": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "cve": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "info": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "frequency": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "firedtimes": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "cis": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "pci_dss": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        },
+        "decoder": {
+          "properties": {
+            "parent": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "ftscomment": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "fts": {
+              "type": "long",
+              "doc_values": "true"
+            },
+            "accumulate": {
+              "type": "long",
+              "doc_values": "true"
+            }
+          }
+        },
+        "srcip": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "protocol": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "action": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "dstip": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "dstport": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "srcuser": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "program_name": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "id": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "status": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "command": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "url": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "data": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "system_name": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "type": {
+          "type": "text"
+        },
+        "title": {
+          "type": "keyword",
+          "doc_values": "true"
+        },
+        "oscap": {
+          "properties": {
+            "check.title": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "check.id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "check.result": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "check.severity": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "check.description": {
+              "type": "text"
+            },
+            "check.rationale": {
+              "type": "text"
+            },
+            "check.references": {
+              "type": "text"
+            },
+            "check.identifiers": {
+              "type": "text"
+            },
+            "check.oval.id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.content": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.benchmark.id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.profile.title": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.profile.id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "scan.score": {
+              "type": "double",
+              "doc_values": "true"
+            },
+            "scan.return_code": {
+              "type": "long",
+              "doc_values": "true"
+            }
+          }
+        },
+        "audit": {
+          "properties": {
+            "type": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "id": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "syscall": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "exit": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "ppid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "pid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "auid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "uid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "gid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "euid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "suid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "fsuid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "egid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "sgid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "fsgid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "tty": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "session": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "command": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "exe": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "key": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "cwd": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "directory.name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "directory.inode": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "directory.mode": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "file.name": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "file.inode": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "file.mode": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "acct": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "dev": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "enforcing": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "list": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "old-auid": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "old-ses": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "old_enforcing": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "old_prom": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "op": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "prom": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "res": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "srcip": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "subj": {
+              "type": "keyword",
+              "doc_values": "true"
+            },
+            "success": {
+              "type": "keyword",
+              "doc_values": "true"
+            }
+          }
+        }
+      }
+    },
+    "agent": {
+      "properties": {
+        "@timestamp": {
+          "type": "date",
+          "format": "dateOptionalTime"
+        },
+        "status": {
+          "type": "keyword"
+        },
+        "ip": {
+          "type": "keyword"
+        },
+        "host": {
+          "type": "keyword"
+        },
+        "name": {
+          "type": "keyword"
+        },
+        "id": {
+          "type": "keyword"
+        }
+      }
+    }
+  }
+}
--- a/production-cluster.yml
+++ b/production-cluster.yml
@@ -1,206 +0,0 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3.7'
-
-services:
-  wazuh-master:
-    image: wazuh/wazuh-odfe:4.2.7
-    hostname: wazuh-master
-    restart: always
-    ports:
-      - "1515:1515"
-      - "514:514/udp"
-      - "55000:55000"
-    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=admin
-      - ELASTIC_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-      - API_USERNAME=acme-user
-      - API_PASSWORD=MyS3cr37P450r.*-
-    volumes:
-      - ossec-api-configuration:/var/ossec/api/configuration
-      - ossec-etc:/var/ossec/etc
-      - ossec-logs:/var/ossec/logs
-      - ossec-queue:/var/ossec/queue
-      - ossec-var-multigroups:/var/ossec/var/multigroups
-      - ossec-integrations:/var/ossec/integrations
-      - ossec-active-response:/var/ossec/active-response/bin
-      - ossec-agentless:/var/ossec/agentless
-      - ossec-wodles:/var/ossec/wodles
-      - filebeat-etc:/etc/filebeat
-      - filebeat-var:/var/lib/filebeat
-      - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
-      - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
-      - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
-      - ./production_cluster/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf
-
-  wazuh-worker:
-    image: wazuh/wazuh-odfe:4.2.7
-    hostname: wazuh-worker
-    restart: always
-    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=admin
-      - ELASTIC_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=full
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/root-ca.pem
-      - SSL_CERTIFICATE=/etc/ssl/filebeat.pem
-      - SSL_KEY=/etc/ssl/filebeat.key
-    volumes:
-      - worker-ossec-api-configuration:/var/ossec/api/configuration
-      - worker-ossec-etc:/var/ossec/etc
-      - worker-ossec-logs:/var/ossec/logs
-      - worker-ossec-queue:/var/ossec/queue
-      - worker-ossec-var-multigroups:/var/ossec/var/multigroups
-      - worker-ossec-integrations:/var/ossec/integrations
-      - worker-ossec-active-response:/var/ossec/active-response/bin
-      - worker-ossec-agentless:/var/ossec/agentless
-      - worker-ossec-wodles:/var/ossec/wodles
-      - worker-filebeat-etc:/etc/filebeat
-      - worker-filebeat-var:/var/lib/filebeat
-      - ./production_cluster/ssl_certs/root-ca.pem:/etc/ssl/root-ca.pem
-      - ./production_cluster/ssl_certs/filebeat.pem:/etc/ssl/filebeat.pem
-      - ./production_cluster/ssl_certs/filebeat.key:/etc/ssl/filebeat.key
-      - ./production_cluster/wazuh_cluster/wazuh_worker.conf:/wazuh-config-mount/etc/ossec.conf
-
-  elasticsearch:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: elasticsearch
-    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - elastic-data-1:/usr/share/elasticsearch/data
-      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/ssl_certs/node1.key:/usr/share/elasticsearch/config/node1.key
-      - ./production_cluster/ssl_certs/node1.pem:/usr/share/elasticsearch/config/node1.pem
-      - ./production_cluster/ssl_certs/admin.pem:/usr/share/elasticsearch/config/admin.pem
-      - ./production_cluster/ssl_certs/admin.key:/usr/share/elasticsearch/config/admin.key
-      - ./production_cluster/elastic_opendistro/elasticsearch-node1.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
-
-  elasticsearch-2:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: elasticsearch-2
-    restart: always
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - elastic-data-2:/usr/share/elasticsearch/data
-      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/ssl_certs/node2.key:/usr/share/elasticsearch/config/node2.key
-      - ./production_cluster/ssl_certs/node2.pem:/usr/share/elasticsearch/config/node2.pem
-      - ./production_cluster/elastic_opendistro/elasticsearch-node2.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
-
-  elasticsearch-3:
-    image: amazon/opendistro-for-elasticsearch:1.13.2
-    hostname: elasticsearch-3
-    restart: always
-    environment:
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - elastic-data-3:/usr/share/elasticsearch/data
-      - ./production_cluster/ssl_certs/root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
-      - ./production_cluster/ssl_certs/node3.key:/usr/share/elasticsearch/config/node3.key
-      - ./production_cluster/ssl_certs/node3.pem:/usr/share/elasticsearch/config/node3.pem
-      - ./production_cluster/elastic_opendistro/elasticsearch-node3.yml:/usr/share/elasticsearch/config/elasticsearch.yml
-      - ./production_cluster/elastic_opendistro/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
-
-  kibana:
-    image: wazuh/wazuh-kibana-odfe:4.2.7
-    hostname: kibana
-    restart: always
-    ports:
-      - 5601:5601
-    environment:
-      - ELASTICSEARCH_USERNAME=admin
-      - ELASTICSEARCH_PASSWORD=SecretPassword
-      - SERVER_SSL_ENABLED=true
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/cert.pem
-      - SERVER_SSL_KEY=/usr/share/kibana/config/key.pem
-      - WAZUH_API_URL="https://wazuh-master"
-      - API_USERNAME=acme-user
-      - API_PASSWORD=MyS3cr37P450r.*-
-    volumes:
-      - ./production_cluster/kibana_ssl/cert.pem:/usr/share/kibana/config/cert.pem
-      - ./production_cluster/kibana_ssl/key.pem:/usr/share/kibana/config/key.pem
-
-    depends_on:
-      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh-master:wazuh-master
-
-  nginx:
-    image: nginx:stable
-    hostname: nginx
-    restart: always
-    ports:
-      - "80:80"
-      - "443:443"
-      - "1514:1514"
-    depends_on:
-      - wazuh-master
-      - wazuh-worker
-      - kibana
-    links:
-      - wazuh-master:wazuh-master
-      - wazuh-worker:wazuh-worker
-      - kibana:kibana
-    volumes:
-      - ./production_cluster/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./production_cluster/nginx/ssl:/etc/nginx/ssl:ro
-
-volumes:
-  ossec-api-configuration:
-  ossec-etc:
-  ossec-logs:
-  ossec-queue:
-  ossec-var-multigroups:
-  ossec-integrations:
-  ossec-active-response:
-  ossec-agentless:
-  ossec-wodles:
-  filebeat-etc:
-  filebeat-var:
-  worker-ossec-api-configuration:
-  worker-ossec-etc:
-  worker-ossec-logs:
-  worker-ossec-queue:
-  worker-ossec-var-multigroups:
-  worker-ossec-integrations:
-  worker-ossec-active-response:
-  worker-ossec-agentless:
-  worker-ossec-wodles:
-  worker-filebeat-etc:
-  worker-filebeat-var:
-  elastic-data-1:
-  elastic-data-2:
-  elastic-data-3:
--- a/production_cluster/elastic_opendistro/elasticsearch-node1.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node1.yml
@@ -1,31 +0,0 @@
-network.host: 0.0.0.0
-cluster.name: wazuh-cluster
-node.name: elasticsearch
-discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
-cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
-bootstrap.memory_lock: true
-
-opendistro_security.ssl.transport.pemcert_filepath: node1.pem
-opendistro_security.ssl.transport.pemkey_filepath: node1.key
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.transport.resolve_hostname: false
-opendistro_security.ssl.http.enabled: true
-opendistro_security.ssl.http.pemcert_filepath: node1.pem
-opendistro_security.ssl.http.pemkey_filepath: node1.key
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.nodes_dn:
-    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-#opendistro_security.audit.config.disabled_rest_categories: NONE
-#opendistro_security.audit.config.disabled_transport_categories: NONE
-opendistro_security.audit.log_request_body: false
--- a/production_cluster/elastic_opendistro/elasticsearch-node2.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node2.yml
@@ -1,31 +0,0 @@
-network.host: 0.0.0.0
-cluster.name: wazuh-cluster
-node.name: elasticsearch-2
-discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
-cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
-bootstrap.memory_lock: true
-
-opendistro_security.ssl.transport.pemcert_filepath: node2.pem
-opendistro_security.ssl.transport.pemkey_filepath: node2.key
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.transport.resolve_hostname: false
-opendistro_security.ssl.http.enabled: true
-opendistro_security.ssl.http.pemcert_filepath: node2.pem
-opendistro_security.ssl.http.pemkey_filepath: node2.key
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.nodes_dn:
-    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-#opendistro_security.audit.config.disabled_rest_categories: NONE
-#opendistro_security.audit.config.disabled_transport_categories: NONE
-opendistro_security.audit.log_request_body: false
--- a/production_cluster/elastic_opendistro/elasticsearch-node3.yml
+++ b/production_cluster/elastic_opendistro/elasticsearch-node3.yml
@@ -1,31 +0,0 @@
-network.host: 0.0.0.0
-cluster.name: wazuh-cluster
-node.name: elasticsearch-3
-discovery.seed_hosts: elasticsearch,elasticsearch-2,elasticsearch-3
-cluster.initial_master_nodes: elasticsearch,elasticsearch-2,elasticsearch-3
-bootstrap.memory_lock: true
-
-opendistro_security.ssl.transport.pemcert_filepath: node3.pem
-opendistro_security.ssl.transport.pemkey_filepath: node3.key
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.transport.resolve_hostname: false
-opendistro_security.ssl.http.enabled: true
-opendistro_security.ssl.http.pemcert_filepath: node3.pem
-opendistro_security.ssl.http.pemkey_filepath: node3.key
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.nodes_dn:
-    - 'CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-    - 'CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com'
-opendistro_security.authcz.admin_dn: ['CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com']
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
-#opendistro_security.audit.config.disabled_rest_categories: NONE
-#opendistro_security.audit.config.disabled_transport_categories: NONE
-opendistro_security.audit.log_request_body: false
--- a/production_cluster/elastic_opendistro/internal_users.yml
+++ b/production_cluster/elastic_opendistro/internal_users.yml
@@ -1,56 +0,0 @@
---
-# This is the internal user database
-# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
-
-_meta:
-  type: "internalusers"
-  config_version: 2
-
-# Define your internal users here
-
-## Demo users
-
-admin:
-  hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
-  reserved: true
-  backend_roles:
-  - "admin"
-  description: "Demo admin user"
-
-kibanaserver:
-  hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
-  reserved: true
-  description: "Demo kibanaserver user"
-
-kibanaro:
-  hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
-  reserved: false
-  backend_roles:
-  - "kibanauser"
-  - "readall"
-  attributes:
-    attribute1: "value1"
-    attribute2: "value2"
-    attribute3: "value3"
-  description: "Demo kibanaro user"
-
-logstash:
-  hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
-  reserved: false
-  backend_roles:
-  - "logstash"
-  description: "Demo logstash user"
-
-readall:
-  hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
-  reserved: false
-  backend_roles:
-  - "readall"
-  description: "Demo readall user"
-
-snapshotrestore:
-  hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
-  reserved: false
-  backend_roles:
-  - "snapshotrestore"
-  description: "Demo snapshotrestore user"
--- a/production_cluster/kibana_ssl/generate-self-signed-cert.sh
+++ b/production_cluster/kibana_ssl/generate-self-signed-cert.sh
@@ -1,13 +0,0 @@
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-cd $DIR
-
-if [ -s key.pem ]
-then
-    echo "Certificate already exists"
-    exit
-else
-    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
-    chown -R 1000:1000 *.pem
-fi
--- a/production_cluster/nginx/nginx.conf
+++ b/production_cluster/nginx/nginx.conf
@@ -1,67 +0,0 @@
-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    server_tokens off;
-    gzip  on;
-
-    # kibana UI
-    server {
-        listen 80;
-        listen [::]:80;
-        return 301 https://$host:443$request_uri;
-    }
-
-    server {
-        listen 443 default_server ssl http2;
-        listen [::]:443 ssl http2;
-        ssl_certificate /etc/nginx/ssl/cert.pem;
-        ssl_certificate_key /etc/nginx/ssl/key.pem;
-        location / {
-            proxy_pass https://kibana:5601/;
-            proxy_ssl_verify off;
-            proxy_buffer_size          128k;
-            proxy_buffers              4 256k;
-            proxy_busy_buffers_size    256k;
-        }
-    }
-
-}
-
-
-
-# load balancer for Wazuh cluster
-stream {
-    upstream mycluster {
-        hash $remote_addr consistent;
-        server wazuh-master:1514;
-        server wazuh-worker:1514;
-    }
-    server {
-        listen 1514;
-        proxy_pass mycluster;
-    }
-}
--- a/production_cluster/nginx/ssl/generate-self-signed-cert.sh
+++ b/production_cluster/nginx/ssl/generate-self-signed-cert.sh
@@ -1,12 +0,0 @@
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-cd $DIR
-
-if [ -s key.pem ]
-then
-    echo "Certificate already exists"
-    exit
-else
-    openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
-fi
--- a/production_cluster/ssl_certs/certs.yml
+++ b/production_cluster/ssl_certs/certs.yml
@@ -1,35 +0,0 @@
-ca:
-   root:
-      dn: CN=root-ca,OU=CA,O=Example\, Inc.,DC=example,DC=com
-      pkPassword: none
-      keysize: 2048
-      file: root-ca.pem 
-   intermediate:
-      dn: CN=intermediate,OU=CA,O=Example\, Inc.,DC=example,DC=com
-      keysize: 2048
-      validityDays: 3650  
-      pkPassword: intermediate-ca-password
-      file: intermediate-ca.pem
-
-nodes:
-  - name: node1
-    dn: CN=node1,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch
-  - name: node2
-    dn: CN=node2,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch-2
-  - name: node3
-    dn: CN=node3,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - elasticsearch-3
-  - name: filebeat
-    dn: CN=filebeat,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    dns: 
-      - wazuh
-
-clients:
-  - name: admin
-    dn: CN=admin,OU=Ops,O=Example\, Inc.,DC=example,DC=com
-    admin: true
--- a/production_cluster/wazuh_cluster/wazuh_manager.conf
+++ b/production_cluster/wazuh_cluster/wazuh_manager.conf
@@ -1,346 +0,0 @@
-<ossec_config>
-  <global>
-    <jsonout_output>yes</jsonout_output>
-    <alerts_log>yes</alerts_log>
-    <logall>no</logall>
-    <logall_json>no</logall_json>
-    <email_notification>no</email_notification>
-    <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>ossecm@example.wazuh.com</email_from>
-    <email_to>recipient@example.wazuh.com</email_to>
-    <email_maxperhour>12</email_maxperhour>
-    <email_log_source>alerts.log</email_log_source>
-  </global>
-
-  <alerts>
-    <log_alert_level>3</log_alert_level>
-    <email_alert_level>12</email_alert_level>
-  </alerts>
-
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>plain</log_format>
-  </logging>
-
-  <remote>
-    <connection>secure</connection>
-    <port>1514</port>
-    <protocol>tcp</protocol>
-    <queue_size>131072</queue_size>
-  </remote>
-
-  <!-- Policy monitoring -->
-  <rootcheck>
-    <disabled>no</disabled>
-    <check_files>yes</check_files>
-    <check_trojans>yes</check_trojans>
-    <check_dev>yes</check_dev>
-    <check_sys>yes</check_sys>
-    <check_pids>yes</check_pids>
-    <check_ports>yes</check_ports>
-    <check_if>yes</check_if>
-
-    <!-- Frequency that rootcheck is executed - every 12 hours -->
-    <frequency>43200</frequency>
-
-    <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
-
-    <skip_nfs>yes</skip_nfs>
-  </rootcheck>
-
-  <wodle name="cis-cat">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <java_path>wodles/java</java_path>
-    <ciscat_path>wodles/ciscat</ciscat_path>
-  </wodle>
-
-  <!-- Osquery integration -->
-  <wodle name="osquery">
-    <disabled>yes</disabled>
-    <run_daemon>yes</run_daemon>
-    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
-    <config_path>/etc/osquery/osquery.conf</config_path>
-    <add_labels>yes</add_labels>
-  </wodle>
-
-  <!-- System inventory -->
-  <wodle name="syscollector">
-    <disabled>no</disabled>
-    <interval>1h</interval>
-    <scan_on_start>yes</scan_on_start>
-    <hardware>yes</hardware>
-    <os>yes</os>
-    <network>yes</network>
-    <packages>yes</packages>
-    <ports all="no">yes</ports>
-    <processes>yes</processes>
-  </wodle>
-
-  <sca>
-    <enabled>yes</enabled>
-    <scan_on_start>yes</scan_on_start>
-    <interval>12h</interval>
-    <skip_nfs>yes</skip_nfs>
-  </sca>
-
-  <vulnerability-detector>
-    <enabled>no</enabled>
-    <interval>5m</interval>
-    <ignore_time>6h</ignore_time>
-    <run_on_start>yes</run_on_start>
-
-    <!-- Ubuntu OS vulnerabilities -->
-    <provider name="canonical">
-      <enabled>no</enabled>
-      <os>trusty</os>
-      <os>xenial</os>
-      <os>bionic</os>
-      <os>focal</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Debian OS vulnerabilities -->
-    <provider name="debian">
-      <enabled>no</enabled>
-      <os>stretch</os>
-      <os>buster</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- RedHat OS vulnerabilities -->
-    <provider name="redhat">
-      <enabled>no</enabled>
-      <os>5</os>
-      <os>6</os>
-      <os>7</os>
-      <os>8</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Windows OS vulnerabilities -->
-    <provider name="msu">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Aggregate vulnerabilities -->
-    <provider name="nvd">
-      <enabled>yes</enabled>
-      <update_from_year>2010</update_from_year>
-      <update_interval>1h</update_interval>
-    </provider>
-
-  </vulnerability-detector>
-
-  <!-- File integrity monitoring -->
-  <syscheck>
-    <disabled>no</disabled>
-
-    <!-- Frequency that syscheck is executed default every 12 hours -->
-    <frequency>43200</frequency>
-
-    <scan_on_start>yes</scan_on_start>
-
-    <!-- Generate alert when new file detected -->
-    <alert_new_files>yes</alert_new_files>
-
-    <!-- Don't ignore files that change more than 'frequency' times -->
-    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    <directories>/etc,/usr/bin,/usr/sbin</directories>
-    <directories>/bin,/sbin,/boot</directories>
-
-    <!-- Files/directories to ignore -->
-    <ignore>/etc/mtab</ignore>
-    <ignore>/etc/hosts.deny</ignore>
-    <ignore>/etc/mail/statistics</ignore>
-    <ignore>/etc/random-seed</ignore>
-    <ignore>/etc/random.seed</ignore>
-    <ignore>/etc/adjtime</ignore>
-    <ignore>/etc/httpd/logs</ignore>
-    <ignore>/etc/utmpx</ignore>
-    <ignore>/etc/wtmpx</ignore>
-    <ignore>/etc/cups/certs</ignore>
-    <ignore>/etc/dumpdates</ignore>
-    <ignore>/etc/svc/volatile</ignore>
-
-    <!-- File types to ignore -->
-    <ignore type="sregex">.log$|.swp$</ignore>
-
-    <!-- Check the file, but never compute the diff -->
-    <nodiff>/etc/ssl/private.key</nodiff>
-
-    <skip_nfs>yes</skip_nfs>
-    <skip_dev>yes</skip_dev>
-    <skip_proc>yes</skip_proc>
-    <skip_sys>yes</skip_sys>
-
-    <!-- Nice value for Syscheck process -->
-    <process_priority>10</process_priority>
-
-    <!-- Maximum output throughput -->
-    <max_eps>100</max_eps>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_interval>1h</max_interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </syscheck>
-
-  <!-- Active response -->
-  <global>
-    <white_list>127.0.0.1</white_list>
-    <white_list>^localhost.localdomain$</white_list>
-  </global>
-
-  <command>
-    <name>disable-account</name>
-    <executable>disable-account.sh</executable>
-    <expect>user</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>restart-ossec</name>
-    <executable>restart-ossec.sh</executable>
-    <expect></expect>
-  </command>
-
-  <command>
-    <name>firewall-drop</name>
-    <executable>firewall-drop.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>host-deny</name>
-    <executable>host-deny.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>route-null</name>
-    <executable>route-null.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null</name>
-    <executable>route-null.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null-2012</name>
-    <executable>route-null-2012.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh</name>
-    <executable>netsh.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh-win-2016</name>
-    <executable>netsh-win-2016.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <!--
-  <active-response>
-    active-response options here
-  </active-response>
-  -->
-
-  <!-- Log analysis -->
-  <localfile>
-    <log_format>command</log_format>
-    <command>df -P</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
-    <alias>netstat listening ports</alias>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>last -n 20</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
-    <list>etc/lists/amazon/aws-eventnames</list>
-    <list>etc/lists/security-eventchannel</list>
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-  <!-- Configuration for wazuh-authd -->
-  <auth>
-    <disabled>no</disabled>
-    <port>1515</port>
-    <use_source_ip>no</use_source_ip>
-    <force_insert>yes</force_insert>
-    <force_time>0</force_time>
-    <purge>yes</purge>
-    <use_password>no</use_password>
-    <limit_maxagents>yes</limit_maxagents>
-    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
-    <!-- <ssl_agent_ca></ssl_agent_ca> -->
-    <ssl_verify_host>no</ssl_verify_host>
-    <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
-    <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
-    <ssl_auto_negotiate>no</ssl_auto_negotiate>
-  </auth>
-
-  <cluster>
-    <name>wazuh</name>
-    <node_name>manager</node_name>
-    <node_type>master</node_type>
-    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
-    <port>1516</port>
-    <bind_addr>0.0.0.0</bind_addr>
-    <nodes>
-        <node>wazuh-master</node>
-    </nodes>
-    <hidden>no</hidden>
-    <disabled>no</disabled>
-  </cluster>
-
-</ossec_config>
-
-<ossec_config>
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/ossec/logs/active-responses.log</location>
-  </localfile>
-</ossec_config>
--- a/production_cluster/wazuh_cluster/wazuh_worker.conf
+++ b/production_cluster/wazuh_cluster/wazuh_worker.conf
@@ -1,346 +0,0 @@
-<ossec_config>
-  <global>
-    <jsonout_output>yes</jsonout_output>
-    <alerts_log>yes</alerts_log>
-    <logall>no</logall>
-    <logall_json>no</logall_json>
-    <email_notification>no</email_notification>
-    <smtp_server>smtp.example.wazuh.com</smtp_server>
-    <email_from>ossecm@example.wazuh.com</email_from>
-    <email_to>recipient@example.wazuh.com</email_to>
-    <email_maxperhour>12</email_maxperhour>
-    <email_log_source>alerts.log</email_log_source>
-  </global>
-
-  <alerts>
-    <log_alert_level>3</log_alert_level>
-    <email_alert_level>12</email_alert_level>
-  </alerts>
-
-  <!-- Choose between "plain", "json", or "plain,json" for the format of internal logs -->
-  <logging>
-    <log_format>plain</log_format>
-  </logging>
-
-  <remote>
-    <connection>secure</connection>
-    <port>1514</port>
-    <protocol>tcp</protocol>
-    <queue_size>131072</queue_size>
-  </remote>
-
-  <!-- Policy monitoring -->
-  <rootcheck>
-    <disabled>no</disabled>
-    <check_files>yes</check_files>
-    <check_trojans>yes</check_trojans>
-    <check_dev>yes</check_dev>
-    <check_sys>yes</check_sys>
-    <check_pids>yes</check_pids>
-    <check_ports>yes</check_ports>
-    <check_if>yes</check_if>
-
-    <!-- Frequency that rootcheck is executed - every 12 hours -->
-    <frequency>43200</frequency>
-
-    <rootkit_files>/var/ossec/etc/rootcheck/rootkit_files.txt</rootkit_files>
-    <rootkit_trojans>/var/ossec/etc/rootcheck/rootkit_trojans.txt</rootkit_trojans>
-
-    <skip_nfs>yes</skip_nfs>
-  </rootcheck>
-
-  <wodle name="cis-cat">
-    <disabled>yes</disabled>
-    <timeout>1800</timeout>
-    <interval>1d</interval>
-    <scan-on-start>yes</scan-on-start>
-
-    <java_path>wodles/java</java_path>
-    <ciscat_path>wodles/ciscat</ciscat_path>
-  </wodle>
-
-  <!-- Osquery integration -->
-  <wodle name="osquery">
-    <disabled>yes</disabled>
-    <run_daemon>yes</run_daemon>
-    <log_path>/var/log/osquery/osqueryd.results.log</log_path>
-    <config_path>/etc/osquery/osquery.conf</config_path>
-    <add_labels>yes</add_labels>
-  </wodle>
-
-  <!-- System inventory -->
-  <wodle name="syscollector">
-    <disabled>no</disabled>
-    <interval>1h</interval>
-    <scan_on_start>yes</scan_on_start>
-    <hardware>yes</hardware>
-    <os>yes</os>
-    <network>yes</network>
-    <packages>yes</packages>
-    <ports all="no">yes</ports>
-    <processes>yes</processes>
-  </wodle>
-
-  <sca>
-    <enabled>yes</enabled>
-    <scan_on_start>yes</scan_on_start>
-    <interval>12h</interval>
-    <skip_nfs>yes</skip_nfs>
-  </sca>
-
-  <vulnerability-detector>
-    <enabled>no</enabled>
-    <interval>5m</interval>
-    <ignore_time>6h</ignore_time>
-    <run_on_start>yes</run_on_start>
-
-    <!-- Ubuntu OS vulnerabilities -->
-    <provider name="canonical">
-      <enabled>no</enabled>
-      <os>trusty</os>
-      <os>xenial</os>
-      <os>bionic</os>
-      <os>focal</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Debian OS vulnerabilities -->
-    <provider name="debian">
-      <enabled>no</enabled>
-      <os>stretch</os>
-      <os>buster</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- RedHat OS vulnerabilities -->
-    <provider name="redhat">
-      <enabled>no</enabled>
-      <os>5</os>
-      <os>6</os>
-      <os>7</os>
-      <os>8</os>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Windows OS vulnerabilities -->
-    <provider name="msu">
-      <enabled>yes</enabled>
-      <update_interval>1h</update_interval>
-    </provider>
-
-    <!-- Aggregate vulnerabilities -->
-    <provider name="nvd">
-      <enabled>yes</enabled>
-      <update_from_year>2010</update_from_year>
-      <update_interval>1h</update_interval>
-    </provider>
-
-  </vulnerability-detector>
-
-  <!-- File integrity monitoring -->
-  <syscheck>
-    <disabled>no</disabled>
-
-    <!-- Frequency that syscheck is executed default every 12 hours -->
-    <frequency>43200</frequency>
-
-    <scan_on_start>yes</scan_on_start>
-
-    <!-- Generate alert when new file detected -->
-    <alert_new_files>yes</alert_new_files>
-
-    <!-- Don't ignore files that change more than 'frequency' times -->
-    <auto_ignore frequency="10" timeframe="3600">no</auto_ignore>
-
-    <!-- Directories to check  (perform all possible verifications) -->
-    <directories>/etc,/usr/bin,/usr/sbin</directories>
-    <directories>/bin,/sbin,/boot</directories>
-
-    <!-- Files/directories to ignore -->
-    <ignore>/etc/mtab</ignore>
-    <ignore>/etc/hosts.deny</ignore>
-    <ignore>/etc/mail/statistics</ignore>
-    <ignore>/etc/random-seed</ignore>
-    <ignore>/etc/random.seed</ignore>
-    <ignore>/etc/adjtime</ignore>
-    <ignore>/etc/httpd/logs</ignore>
-    <ignore>/etc/utmpx</ignore>
-    <ignore>/etc/wtmpx</ignore>
-    <ignore>/etc/cups/certs</ignore>
-    <ignore>/etc/dumpdates</ignore>
-    <ignore>/etc/svc/volatile</ignore>
-
-    <!-- File types to ignore -->
-    <ignore type="sregex">.log$|.swp$</ignore>
-
-    <!-- Check the file, but never compute the diff -->
-    <nodiff>/etc/ssl/private.key</nodiff>
-
-    <skip_nfs>yes</skip_nfs>
-    <skip_dev>yes</skip_dev>
-    <skip_proc>yes</skip_proc>
-    <skip_sys>yes</skip_sys>
-
-    <!-- Nice value for Syscheck process -->
-    <process_priority>10</process_priority>
-
-    <!-- Maximum output throughput -->
-    <max_eps>100</max_eps>
-
-    <!-- Database synchronization settings -->
-    <synchronization>
-      <enabled>yes</enabled>
-      <interval>5m</interval>
-      <max_interval>1h</max_interval>
-      <max_eps>10</max_eps>
-    </synchronization>
-  </syscheck>
-
-  <!-- Active response -->
-  <global>
-    <white_list>127.0.0.1</white_list>
-    <white_list>^localhost.localdomain$</white_list>
-  </global>
-
-  <command>
-    <name>disable-account</name>
-    <executable>disable-account.sh</executable>
-    <expect>user</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>restart-ossec</name>
-    <executable>restart-ossec.sh</executable>
-    <expect></expect>
-  </command>
-
-  <command>
-    <name>firewall-drop</name>
-    <executable>firewall-drop.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>host-deny</name>
-    <executable>host-deny.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>route-null</name>
-    <executable>route-null.sh</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null</name>
-    <executable>route-null.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>win_route-null-2012</name>
-    <executable>route-null-2012.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh</name>
-    <executable>netsh.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <command>
-    <name>netsh-win-2016</name>
-    <executable>netsh-win-2016.cmd</executable>
-    <expect>srcip</expect>
-    <timeout_allowed>yes</timeout_allowed>
-  </command>
-
-  <!--
-  <active-response>
-    active-response options here
-  </active-response>
-  -->
-
-  <!-- Log analysis -->
-  <localfile>
-    <log_format>command</log_format>
-    <command>df -P</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d</command>
-    <alias>netstat listening ports</alias>
-    <frequency>360</frequency>
-  </localfile>
-
-  <localfile>
-    <log_format>full_command</log_format>
-    <command>last -n 20</command>
-    <frequency>360</frequency>
-  </localfile>
-
-  <ruleset>
-    <!-- Default ruleset -->
-    <decoder_dir>ruleset/decoders</decoder_dir>
-    <rule_dir>ruleset/rules</rule_dir>
-    <rule_exclude>0215-policy_rules.xml</rule_exclude>
-    <list>etc/lists/audit-keys</list>
-    <list>etc/lists/amazon/aws-eventnames</list>
-    <list>etc/lists/security-eventchannel</list>
-
-    <!-- User-defined ruleset -->
-    <decoder_dir>etc/decoders</decoder_dir>
-    <rule_dir>etc/rules</rule_dir>
-  </ruleset>
-
-  <!-- Configuration for wazuh-authd -->
-  <auth>
-    <disabled>no</disabled>
-    <port>1515</port>
-    <use_source_ip>no</use_source_ip>
-    <force_insert>yes</force_insert>
-    <force_time>0</force_time>
-    <purge>yes</purge>
-    <use_password>no</use_password>
-    <limit_maxagents>yes</limit_maxagents>
-    <ciphers>HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH</ciphers>
-    <!-- <ssl_agent_ca></ssl_agent_ca> -->
-    <ssl_verify_host>no</ssl_verify_host>
-    <ssl_manager_cert>/var/ossec/etc/sslmanager.cert</ssl_manager_cert>
-    <ssl_manager_key>/var/ossec/etc/sslmanager.key</ssl_manager_key>
-    <ssl_auto_negotiate>no</ssl_auto_negotiate>
-  </auth>
-
-  <cluster>
-    <name>wazuh</name>
-    <node_name>worker01</node_name>
-    <node_type>worker</node_type>
-    <key>c98b6ha9b6169zc5f67rae55ae4z5647</key>
-    <port>1516</port>
-    <bind_addr>0.0.0.0</bind_addr>
-    <nodes>
-        <node>wazuh-master</node>
-    </nodes>
-    <hidden>no</hidden>
-    <disabled>no</disabled>
-  </cluster>
-
-</ossec_config>
-
-<ossec_config>
-  <localfile>
-    <log_format>syslog</log_format>
-    <location>/var/ossec/logs/active-responses.log</location>
-  </localfile>
-</ossec_config>
--- a/wazuh-odfe/Dockerfile
+++ b/wazuh-odfe/Dockerfile
@@ -1,55 +0,0 @@
-# Wazuh Docker Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-FROM centos:7
-
-ARG FILEBEAT_CHANNEL=filebeat-oss
-ARG FILEBEAT_VERSION=7.10.2
-ARG WAZUH_VERSION=4.2.7
-ARG TEMPLATE_VERSION="master"
-ARG WAZUH_FILEBEAT_MODULE="wazuh-filebeat-0.1.tar.gz"
-
-# Set repositories.
-RUN rpm --import https://packages.wazuh.com/key/GPG-KEY-WAZUH
-
-COPY config/wazuh.repo /etc/yum.repos.d/wazuh.repo
-
-RUN yum --enablerepo=updates clean metadata && \
-  yum upgrade -y && \
-  yum -y install openssl which expect openssh-clients && yum -y install wazuh-manager-${WAZUH_VERSION} -y && \
-  sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo && \
-  yum clean all && rm -rf /var/cache/yum
-
-RUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm &&\
-  rpm -i ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm && rm -f ${FILEBEAT_CHANNEL}-${FILEBEAT_VERSION}-x86_64.rpm
-
-RUN curl -s https://packages.wazuh.com/4.x/filebeat/${WAZUH_FILEBEAT_MODULE} | tar -xvz -C /usr/share/filebeat/module
-
-RUN curl -L https://github.com/aelsabbahy/goss/releases/latest/download/goss-linux-amd64 -o /usr/local/bin/goss && chmod +rx /usr/local/bin/goss
-
-ARG S6_VERSION="v2.2.0.3"
-RUN curl --fail --silent -L https://github.com/just-containers/s6-overlay/releases/download/${S6_VERSION}/s6-overlay-amd64.tar.gz \
-    -o /tmp/s6-overlay-amd64.tar.gz && \
-    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
-    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
-    rm  /tmp/s6-overlay-amd64.tar.gz
-
-COPY config/filebeat.yml /etc/filebeat/
-
-RUN chmod go-w /etc/filebeat/filebeat.yml
-
-ADD https://raw.githubusercontent.com/wazuh/wazuh/$TEMPLATE_VERSION/extensions/elasticsearch/7.x/wazuh-template.json /etc/filebeat
-RUN chmod go-w /etc/filebeat/wazuh-template.json
-
-COPY config/etc/ /etc/
-COPY --chown=root:ossec config/create_user.py /var/ossec/framework/scripts/create_user.py
-
-# Prepare permanent data
-# Sync calls are due to https://github.com/docker/docker/issues/9547
-COPY config/permanent_data.env config/permanent_data.sh /
-RUN chmod 755 /permanent_data.sh && \
-    sync && /permanent_data.sh && \
-    sync && rm /permanent_data.sh
-
-# Services ports
-EXPOSE 55000/tcp 1514/tcp 1515/tcp 514/udp 1516/tcp
-
-ENTRYPOINT [ "/init" ]
--- a/wazuh-odfe/config/create_user.py
+++ b/wazuh-odfe/config/create_user.py
@@ -1,97 +0,0 @@
-import logging
-import sys
-import json
-import random
-import string
-import os
-
-# Set framework path
-sys.path.append(os.path.dirname(sys.argv[0]) + "/../framework")
-
-USER_FILE_PATH = "/var/ossec/api/configuration/admin.json"
-SPECIAL_CHARS = "@$!%*?&-_"
-
-
-try:
-    from wazuh.security import (
-        create_user,
-        get_users,
-        get_roles,
-        set_user_role,
-        update_user,
-    )
-except Exception as e:
-    logging.error("No module 'wazuh' found.")
-    sys.exit(1)
-
-
-def read_user_file(path=USER_FILE_PATH):
-    with open(path) as user_file:
-        data = json.load(user_file)
-        return data["username"], data["password"]
-
-
-def db_users():
-    users_result = get_users()
-    return {user["username"]: user["id"] for user in users_result.affected_items}
-
-
-def db_roles():
-    roles_result = get_roles()
-    return {role["name"]: role["id"] for role in roles_result.affected_items}
-
-def disable_user(uid):
-    random_pass = "".join(
-                random.choices(
-                    string.ascii_uppercase
-                    + string.ascii_lowercase
-                    + string.digits
-                    + SPECIAL_CHARS,
-                    k=8,
-                )
-            )
-    # assure there must be at least one character from each group
-    random_pass = random_pass + ''.join([random.choice(chars) for chars in [string.ascii_lowercase, string.digits, string.ascii_uppercase, SPECIAL_CHARS]])
-    random_pass = ''.join(random.sample(random_pass,len(random_pass)))
-    update_user(
-        user_id=[
-            str(uid),
-        ],
-        password=random_pass,
-    )
-
-
-if __name__ == "__main__":
-    if not os.path.exists(USER_FILE_PATH):
-        # abort if no user file detected
-        sys.exit(0)
-    username, password = read_user_file()
-    initial_users = db_users()
-    if username not in initial_users:
-        # create a new user
-        create_user(username=username, password=password)
-        users = db_users()
-        uid = users[username]
-        roles = db_roles()
-        rid = roles["administrator"]
-        set_user_role(
-            user_id=[
-                str(uid),
-            ],
-            role_ids=[
-                str(rid),
-            ],
-        )
-    else:
-        # modify an existing user ("wazuh" or "wazuh-wui")
-        uid = initial_users[username]
-        update_user(
-            user_id=[
-                str(uid),
-            ],
-            password=password,
-        )
-    # disable unused default users
-    for def_user in ['wazuh', 'wazuh-wui']:
-        if def_user != username:
-            disable_user(initial_users[def_user])
--- a/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
+++ b/wazuh-odfe/config/etc/cont-init.d/0-wazuh-init
@@ -1,207 +0,0 @@
-#!/usr/bin/with-contenv bash
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-# Variables
-source /permanent_data.env
-
-WAZUH_INSTALL_PATH=/var/ossec
-WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-
-
-##############################################################################
-# Aux functions
-##############################################################################
-print() {
-  echo -e $1
-}
-
-error_and_exit() {
-  echo "Error executing command: '$1'."
-  echo 'Exiting.'
-  exit 1
-}
-
-exec_cmd() {
-  eval $1 > /dev/null 2>&1 || error_and_exit "$1"
-}
-
-exec_cmd_stdout() {
-  eval $1 2>&1 || error_and_exit "$1"
-}
-
-
-##############################################################################
-# This function will attempt to mount every directory in PERMANENT_DATA
-# into the respective path.
-# If the path is empty means permanent data volume is also empty, so a backup
-# will be copied into it. Otherwise it will not be copied because there is
-# already data inside the volume for the specified path.
-##############################################################################
-
-mount_permanent_data() {
-  for permanent_dir in "${PERMANENT_DATA[@]}"; do
-    # Check if the path is not empty
-    if find ${permanent_dir} -mindepth 1 | read; then
-      print "The path ${permanent_dir} is already mounted"
-    else
-      print "Installing ${permanent_dir}"
-      exec_cmd "cp -a ${WAZUH_INSTALL_PATH}/data_tmp/permanent${permanent_dir}/. ${permanent_dir}"
-    fi
-  done
-}
-
-##############################################################################
-# This function will replace from the permanent data volume every file
-# contained in PERMANENT_DATA_EXCP
-# Some files as 'internal_options.conf' are saved as permanent data, but
-# they must be updated to work properly if wazuh version is changed.
-##############################################################################
-
-apply_exclusion_data() {
-  for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
-    if [  -e ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file}  ]
-    then
-      DIR=$(dirname "${exclusion_file}")
-      if [ ! -e ${DIR}  ]
-      then
-        mkdir -p ${DIR}
-      fi
-
-      print "Updating ${exclusion_file}"
-      exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
-    fi
-  done
-}
-
-##############################################################################
-# This function will rename in the permanent data volume every file
-# contained in PERMANENT_DATA_MOVE
-##############################################################################
-
-move_data_files() {
-  for mov_file in "${PERMANENT_DATA_MOVE[@]}"; do
-    file_split=( $mov_file )
-    if [ -e ${file_split[0]} ]
-    then
-      print "moving ${mov_file}"
-      exec_cmd "mv -f ${mov_file}"
-    fi
-  done
-}
-
-
-##############################################################################
-# This function will delete from the permanent data volume every file
-# contained in PERMANENT_DATA_DEL
-##############################################################################
-
-remove_data_files() {
-  for del_file in "${PERMANENT_DATA_DEL[@]}"; do
-    if [ -e ${del_file} ]
-    then
-      print "Removing ${del_file}"
-      exec_cmd "rm -f ${del_file}"
-    fi
-  done
-}
-
-##############################################################################
-# Create certificates: Manager
-##############################################################################
-
-create_ossec_key_cert() {
-  print "Creating wazuh-authd key and cert"
-  exec_cmd "openssl genrsa -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.key 4096"
-  exec_cmd "openssl req -new -x509 -key ${WAZUH_INSTALL_PATH}/etc/sslmanager.key -out ${WAZUH_INSTALL_PATH}/etc/sslmanager.cert -days 3650 -subj /CN=${HOSTNAME}/"
-}
-
-##############################################################################
-# Copy all files from $WAZUH_CONFIG_MOUNT to $WAZUH_INSTALL_PATH and respect
-# destination files permissions
-#
-# For example, to mount the file /var/ossec/data/etc/ossec.conf, mount it at
-# $WAZUH_CONFIG_MOUNT/etc/ossec.conf in your container and this code will
-# replace the ossec.conf file in /var/ossec/data/etc with yours.
-##############################################################################
-
-mount_files() {
-  if [ -e "$WAZUH_CONFIG_MOUNT" ]
-  then
-    print "Identified Wazuh configuration files to mount..."
-    exec_cmd_stdout "cp --verbose -r $WAZUH_CONFIG_MOUNT/* $WAZUH_INSTALL_PATH"
-  else
-    print "No Wazuh configuration files to mount..."
-  fi
-}
-
-
-##############################################################################
-# Allow users to set the container hostname as <node_name> dynamically on
-# container start.
-#
-# To use this:
-# 1. Create your own ossec.conf file
-# 2. In your ossec.conf file, set to_be_replaced_by_hostname as your node_name
-# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
-##############################################################################
-
-set_custom_hostname() {
-  sed -i 's/<node_name>to_be_replaced_by_hostname<\/node_name>/<node_name>'"${HOSTNAME}"'<\/node_name>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
-}
-
-##############################################################################
-# Allow users to set the container cluster key dynamically on
-# container start.
-#
-# To use this:
-# 1. Create your own ossec.conf file
-# 2. In your ossec.conf file, set to_be_replaced_by_cluster_key as your key
-# 3. Mount your custom ossec.conf file at $WAZUH_CONFIG_MOUNT/etc/ossec.conf
-##############################################################################
-
-set_custom_cluster_key() {
-  sed -i 's/<key>to_be_replaced_by_cluster_key<\/key>/<key>'"${WAZUH_CLUSTER_KEY}"'<\/key>/g' ${WAZUH_INSTALL_PATH}/etc/ossec.conf
-}
-
-##############################################################################
-# Main function
-##############################################################################
-
-main() {
-  # Mount permanent data  (i.e. ossec.conf)
-  mount_permanent_data
-
-  # Restore files stored in permanent data that are not permanent  (i.e. internal_options.conf)
-  apply_exclusion_data
-
-  # Rename files stored in permanent data (i.e. queue/ossec)
-  move_data_files
-
-  # Remove some files in permanent_data (i.e. .template.db)
-  remove_data_files
-
-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
-  then
-    if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
-    then
-      create_ossec_key_cert
-    fi
-  fi
-
-  # Mount selected files (WAZUH_CONFIG_MOUNT) to container
-  mount_files
-
-  # Allow setting custom hostname
-  set_custom_hostname
-
-  # Allow setting custom cluster key
-  set_custom_cluster_key
-
-  # Delete temporary data folder
-  rm -rf ${WAZUH_INSTALL_PATH}/data_tmp
-
-}
-
-main
--- a/wazuh-odfe/config/etc/cont-init.d/1-config-filebeat
+++ b/wazuh-odfe/config/etc/cont-init.d/1-config-filebeat
@@ -1,45 +0,0 @@
-#!/usr/bin/with-contenv bash
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-set -e
-
-if [ "$ELASTICSEARCH_URL" != "" ]; then
-  >&2 echo "Customize Elasticsearch ouput IP"
-  sed -i "s|hosts:.*|hosts: ['$ELASTICSEARCH_URL']|g" /etc/filebeat/filebeat.yml
-fi
-
-# Configure filebeat.yml security settings
-
-if [ "$ELASTIC_USERNAME" != "" ]; then
-  >&2 echo "Configuring username."
-  sed -i "s|#username:.*|username: '$ELASTIC_USERNAME'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$ELASTIC_PASSWORD" != "" ]; then
-  >&2 echo "Configuring password."
-  sed -i "s|#password:.*|password: '$ELASTIC_PASSWORD'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$FILEBEAT_SSL_VERIFICATION_MODE" != "" ]; then
-  >&2 echo "Configuring SSL verification mode."
-  sed -i "s|#ssl.verification_mode:.*|ssl.verification_mode: $FILEBEAT_SSL_VERIFICATION_MODE|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_CERTIFICATE_AUTHORITIES" != "" ]; then
-  >&2 echo "Configuring Certificate Authorities."
-  sed -i "s|#ssl.certificate_authorities:.*|ssl.certificate_authorities: ['$SSL_CERTIFICATE_AUTHORITIES']|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_CERTIFICATE" != "" ]; then
-  >&2 echo "Configuring SSL Certificate."
-  sed -i "s|#ssl.certificate:.*|ssl.certificate: '$SSL_CERTIFICATE'|g" /etc/filebeat/filebeat.yml
-fi
-
-if [ "$SSL_KEY" != "" ]; then
-  >&2 echo "Configuring SSL Key."
-  sed -i "s|#ssl.key:.*|ssl.key: '$SSL_KEY'|g" /etc/filebeat/filebeat.yml
-fi
-
-
-chmod go-w /etc/filebeat/filebeat.yml || true
-chown root: /etc/filebeat/filebeat.yml || true
--- a/wazuh-odfe/config/etc/cont-init.d/2-manager
+++ b/wazuh-odfe/config/etc/cont-init.d/2-manager
@@ -1,126 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-##############################################################################
-# Migration sequence
-# Detect if there is a mounted volume on /wazuh-migration and copy the data
-# to /var/ossec, finally it will create a flag ".migration-completed" inside
-# the mounted volume
-##############################################################################
-
-function __colortext()
-{
-  echo -e " \e[1;$2m$1\e[0m"
-}
-
-function echogreen()
-{
-  echo $(__colortext "$1" "32")
-}
-
-function echoyellow()
-{
-  echo $(__colortext "$1" "33")
-}
-
-function echored()
-{
-  echo $(__colortext "$1" "31")
-}
-
-function_wazuh_migration(){
-  if [ -d "/wazuh-migration" ]; then
-    if [ ! -e /wazuh-migration/.migration-completed ]; then
-      if [ ! -e /wazuh-migration/global.db ]; then
-        echoyellow "The volume mounted on /wazuh-migration does not contain all the correct files."
-        return
-      fi
-
-      \cp -f /wazuh-migration/data/etc/ossec.conf /var/ossec/etc/ossec.conf
-      chown root:ossec /var/ossec/etc/ossec.conf
-      chmod 640 /var/ossec/etc/ossec.conf
-
-      \cp -f /wazuh-migration/data/etc/client.keys /var/ossec/etc/client.keys
-      chown ossec:ossec /var/ossec/etc/client.keys
-      chmod 640 /var/ossec/etc/client.keys
-
-      \cp -f /wazuh-migration/data/etc/sslmanager.cert /var/ossec/etc/sslmanager.cert
-      \cp -f /wazuh-migration/data/etc/sslmanager.key /var/ossec/etc/sslmanager.key
-      chown root:root /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
-      chmod 640 /var/ossec/etc/sslmanager.cert /var/ossec/etc/sslmanager.key
-
-      \cp -f /wazuh-migration/data/etc/shared/default/agent.conf /var/ossec/etc/shared/default/agent.conf
-      chown ossec:ossec /var/ossec/etc/shared/default/agent.conf
-      chmod 660 /var/ossec/etc/shared/default/agent.conf
-
-      \cp -f /wazuh-migration/data/etc/decoders/* /var/ossec/etc/decoders/
-      chown ossec:ossec /var/ossec/etc/decoders/*
-      chmod 660 /var/ossec/etc/decoders/*
-
-      \cp -f /wazuh-migration/data/etc/rules/* /var/ossec/etc/rules/
-      chown ossec:ossec /var/ossec/etc/rules/*
-      chmod 660 /var/ossec/etc/rules/*
-
-      if [ -e /wazuh-migration/data/agentless/.passlist ]; then
-        \cp -f /wazuh-migration/data/agentless/.passlist /var/ossec/agentless/.passlist
-        chown root:ossec /var/ossec/agentless/.passlist
-        chmod 640 /var/ossec/agentless/.passlist
-      fi
-
-      \cp -f /wazuh-migration/global.db /var/ossec/queue/db/global.db
-      chown ossec:ossec /var/ossec/queue/db/global.db
-      chmod 640 /var/ossec/queue/db/global.db
-
-      # mark volume as migrated
-      touch /wazuh-migration/.migration-completed
-
-      echogreen "Migration completed succesfully"
-    else
-      echoyellow "This volume has already been migrated. You may proceed and remove it from the mount point (/wazuh-migration)"
-    fi
-  fi
-}
-
-function_create_custom_user() {
-  if [[ ! -z $API_USERNAME ]] && [[ ! -z $API_PASSWORD ]]; then
-  cat << EOF > /var/ossec/api/configuration/admin.json
-{
-  "username": "$API_USERNAME",
-  "password": "$API_PASSWORD"
-}
-EOF
-
-    # create or customize API user
-    if /var/ossec/framework/python/bin/python3  /var/ossec/framework/scripts/create_user.py; then
-      # remove json if exit code is 0
-      rm /var/ossec/api/configuration/admin.json
-    else
-      echored "There was an error configuring the API user"
-      # terminate container to avoid unpredictable behavior
-      exec s6-svscanctl -t /var/run/s6/services
-      exit 1
-    fi
-  fi
-}
-
-function_entrypoint_scripts() {
-  # It will run every .sh script located in entrypoint-scripts folder in lexicographical order
-  if [ -d "/entrypoint-scripts/" ]
-  then
-    for script in `ls /entrypoint-scripts/*.sh | sort -n`; do
-      bash "$script"
-    done
-  fi
-}
-
-
-# Migrate data from /wazuh-migration volume
-function_wazuh_migration
-
-# create API custom user
-function_create_custom_user
-
-# run entrypoint scripts
-function_entrypoint_scripts
-
-# Start Wazuh
-/var/ossec/bin/wazuh-control start
--- a/wazuh-odfe/config/etc/services.d/filebeat/finish
+++ b/wazuh-odfe/config/etc/services.d/filebeat/finish
@@ -1,6 +0,0 @@
-#!/usr/bin/env sh
-echo >&2 "Filebeat exited. code=${1}"
-
-# terminate other services to exit from the container
-exec s6-svscanctl -t /var/run/s6/services
-
--- a/wazuh-odfe/config/etc/services.d/filebeat/run
+++ b/wazuh-odfe/config/etc/services.d/filebeat/run
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-echo >&2 "starting Filebeat"
-
-exec /usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml -path.home /usr/share/filebeat -path.config /etc/filebeat -path.data /var/lib/filebeat -path.logs /var/log/filebeat
--- a/wazuh-odfe/config/etc/services.d/ossec-logs/run
+++ b/wazuh-odfe/config/etc/services.d/ossec-logs/run
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-# dumping ossec.log to standard output
-exec tail -f /var/ossec/logs/ossec.log
--- a/wazuh-odfe/config/filebeat.yml
+++ b/wazuh-odfe/config/filebeat.yml
@@ -1,22 +0,0 @@
-
-# Wazuh - Filebeat configuration file
-filebeat.modules:
-  - module: wazuh
-    alerts:
-      enabled: true
-    archives:
-      enabled: false
-
-setup.template.json.enabled: true
-setup.template.json.path: '/etc/filebeat/wazuh-template.json'
-setup.template.json.name: 'wazuh'
-setup.template.overwrite: true
-setup.ilm.enabled: false
-output.elasticsearch:
-  hosts: ['https://elasticsearch:9200']
-  #username:
-  #password:
-  #ssl.verification_mode:
-  #ssl.certificate_authorities:
-  #ssl.certificate:
-  #ssl.key:
--- a/wazuh-odfe/config/permanent_data.env
+++ b/wazuh-odfe/config/permanent_data.env
@@ -1,72 +0,0 @@
-# Permanent data mounted in volumes
-i=0
-PERMANENT_DATA[((i++))]="/var/ossec/api/configuration"
-PERMANENT_DATA[((i++))]="/var/ossec/etc"
-PERMANENT_DATA[((i++))]="/var/ossec/logs"
-PERMANENT_DATA[((i++))]="/var/ossec/queue"
-PERMANENT_DATA[((i++))]="/var/ossec/agentless"
-PERMANENT_DATA[((i++))]="/var/ossec/var/multigroups"
-PERMANENT_DATA[((i++))]="/var/ossec/integrations"
-PERMANENT_DATA[((i++))]="/var/ossec/active-response/bin"
-PERMANENT_DATA[((i++))]="/var/ossec/wodles"
-PERMANENT_DATA[((i++))]="/etc/filebeat"
-
-export PERMANENT_DATA
-
-# Files mounted in a volume that should not be permanent
-i=0
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/etc/internal_options.conf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/pagerduty"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/slack.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/integrations/virustotal.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/default-firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/disable-account"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewalld-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/firewall-drop"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/host-deny"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ip-customblock"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/ipfw"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/kaspersky"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/npf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/wazuh-slack"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/pf"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart-wazuh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/restart.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/active-response/bin/route-null"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/sshlogin.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_pixconfig_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_asa-fwsmconfig_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_bsd"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/main.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/su.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_integrity_check_linux"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/register_host.sh"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_generic_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_foundry_diff"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh_nopass.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/agentless/ssh.exp"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/aws/aws-s3.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/azure/azure-logs.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/docker/DockerListener.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/gcloud.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/integration.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/gcloud/tools.py"
-PERMANENT_DATA_EXCP[((i++))]="/var/ossec/wodles/utils.py"
-export PERMANENT_DATA_EXCP
-
-# Files mounted in a volume that should be deleted
-i=0
-PERMANENT_DATA_DEL[((i++))]="/var/ossec/queue/db/.template.db"
-export PERMANENT_DATA_DEL
-
-i=0
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/logs/ossec /var/ossec/logs/wazuh"
-PERMANENT_DATA_MOVE[((i++))]="/var/ossec/queue/ossec /var/ossec/queue/sockets"
-export PERMANENT_DATA_MOVE
--- a/wazuh-odfe/config/permanent_data.sh
+++ b/wazuh-odfe/config/permanent_data.sh
@@ -1,40 +0,0 @@
-#!/bin/bash
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-
-# Variables
-source /permanent_data.env
-
-WAZUH_INSTALL_PATH=/var/ossec
-DATA_TMP_PATH=${WAZUH_INSTALL_PATH}/data_tmp
-mkdir ${DATA_TMP_PATH}
-
-# Move exclusion files to EXCLUSION_PATH
-EXCLUSION_PATH=${DATA_TMP_PATH}/exclusion
-mkdir ${EXCLUSION_PATH}
-
-for exclusion_file in "${PERMANENT_DATA_EXCP[@]}"; do
-  # Create the directory for the exclusion file if it does not exist
-  DIR=$(dirname "${exclusion_file}")
-  if [ ! -e ${EXCLUSION_PATH}/${DIR}  ]
-  then
-    mkdir -p ${EXCLUSION_PATH}/${DIR}
-  fi
-
-  mv ${exclusion_file} ${EXCLUSION_PATH}/${exclusion_file}
-done
-
-# Move permanent files to PERMANENT_PATH
-PERMANENT_PATH=${DATA_TMP_PATH}/permanent
-mkdir ${PERMANENT_PATH}
-
-for permanent_dir in "${PERMANENT_DATA[@]}"; do
-  # Create the directory for the permanent file if it does not exist
-  DIR=$(dirname "${permanent_dir}")
-  if [ ! -e ${PERMANENT_PATH}${DIR}  ]
-  then
-    mkdir -p ${PERMANENT_PATH}${DIR}
-  fi
-  
-  mv ${permanent_dir} ${PERMANENT_PATH}${permanent_dir}
-
-done
--- a/wazuh/Dockerfile
+++ b/wazuh/Dockerfile
@@ -0,0 +1,35 @@
+FROM centos:latest
+
+COPY config/*.repo /etc/yum.repos.d/
+
+RUN yum -y update; yum clean all;
+RUN yum -y install epel-release openssl useradd; yum clean all
+RUN yum -y install postfix mailx cyrus-sasl cyrus-sasl-plain; yum clean all
+RUN groupadd -g 1000 ossec
+RUN useradd -u 1000 -g 1000 ossec
+RUN yum install -y wazuh-manager wazuh-api
+
+
+ADD config/data_dirs.env /data_dirs.env
+ADD config/init.bash /init.bash
+# Sync calls are due to https://github.com/docker/docker/issues/9547
+RUN chmod 755 /init.bash &&\
+  sync && /init.bash &&\
+  sync && rm /init.bash
+
+
+RUN  curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.4.2-x86_64.rpm &&\
+  rpm -vi filebeat-5.4.2-x86_64.rpm && rm filebeat-5.4.2-x86_64.rpm
+
+COPY config/filebeat.yml /etc/filebeat/
+
+ADD config/run.sh /tmp/run.sh
+RUN chmod 755 /tmp/run.sh
+
+VOLUME ["/var/ossec/data"]
+
+EXPOSE 55000/tcp 1514/udp 1515/tcp 514/udp
+
+# Run supervisord so that the container will stay alive
+
+ENTRYPOINT ["/tmp/run.sh"]
--- a/wazuh/config/data_dirs.env
+++ b/wazuh/config/data_dirs.env
@@ -0,0 +1,9 @@
+i=0
+DATA_DIRS[((i++))]="etc"
+DATA_DIRS[((i++))]="ruleset"
+DATA_DIRS[((i++))]="logs"
+DATA_DIRS[((i++))]="stats"
+DATA_DIRS[((i++))]="queue"
+DATA_DIRS[((i++))]="var/db"
+DATA_DIRS[((i++))]="api"
+export DATA_DIRS
--- a/wazuh/config/filebeat.yml
+++ b/wazuh/config/filebeat.yml
@@ -0,0 +1,16 @@
+filebeat:
+ prospectors:
+  - input_type: log
+    paths:
+     - "/var/ossec/data/logs/alerts/alerts.json"
+    document_type: wazuh-alerts
+    json.message_key: log
+    json.keys_under_root: true
+    json.overwrite_keys: true
+
+output:
+ logstash:
+   # The Logstash hosts
+   hosts: ["logstash:5000"]
+#   ssl:
+#     certificate_authorities: ["/etc/filebeat/logstash.crt"]
--- a/wazuh/config/init.bash
+++ b/wazuh/config/init.bash
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+#
+# Initialize the custom data directory layout
+#
+source /data_dirs.env
+
+cd /var/ossec
+for ossecdir in "${DATA_DIRS[@]}"; do
+  mv ${ossecdir} ${ossecdir}-template
+  ln -s $(realpath --relative-to=$(dirname ${ossecdir}) data)/${ossecdir} ${ossecdir}
+done
--- a/wazuh/config/run.sh
+++ b/wazuh/config/run.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+#
+# OSSEC container bootstrap. See the README for information of the environment
+# variables expected by this script.
+#
+
+#
+
+#
+# Startup the services
+#
+
+source /data_dirs.env
+FIRST_TIME_INSTALLATION=false
+DATA_PATH=/var/ossec/data
+
+for ossecdir in "${DATA_DIRS[@]}"; do
+  if [ ! -e "${DATA_PATH}/${ossecdir}" ]
+  then
+    echo "Installing ${ossecdir}"
+    mkdir -p $(dirname ${DATA_PATH}/${ossecdir})
+    cp -pr /var/ossec/${ossecdir}-template ${DATA_PATH}/${ossecdir}
+    FIRST_TIME_INSTALLATION=true
+  fi
+done
+
+touch ${DATA_PATH}/process_list
+chgrp ossec ${DATA_PATH}/process_list
+chmod g+rw ${DATA_PATH}/process_list
+
+AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
+
+if [ $FIRST_TIME_INSTALLATION == true ]
+then
+
+  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  then
+    if [ ! -e ${DATA_PATH}/etc/sslmanager.key ]
+    then
+      echo "Creating ossec-authd key and cert"
+      openssl genrsa -out ${DATA_PATH}/etc/sslmanager.key 4096
+      openssl req -new -x509 -key ${DATA_PATH}/etc/sslmanager.key\
+        -out ${DATA_PATH}/etc/sslmanager.cert -days 3650\
+        -subj /CN=${HOSTNAME}/
+    fi
+  fi
+fi
+
+function ossec_shutdown(){
+  /var/ossec/bin/ossec-control stop;
+  if [ $AUTO_ENROLLMENT_ENABLED == true ]
+  then
+     kill $AUTHD_PID
+  fi
+}
+
+# Trap exit signals and do a proper shutdown
+trap "ossec_shutdown; exit" SIGINT SIGTERM
+
+chmod -R g+rw ${DATA_PATH}
+
+if [ $AUTO_ENROLLMENT_ENABLED == true ]
+then
+  echo "Starting ossec-authd..."
+  /var/ossec/bin/ossec-authd -p 1515 -g ossec $AUTHD_OPTIONS >/dev/null 2>&1 &
+  AUTHD_PID=$!
+fi
+sleep 15 # give ossec a reasonable amount of time to start before checking status
+LAST_OK_DATE=`date +%s`
+
+## Start services
+/usr/sbin/postfix start
+/bin/node /var/ossec/api/app.js &
+/usr/bin/filebeat.sh &
+/var/ossec/bin/ossec-control restart
+
+
+tail -f /var/ossec/logs/ossec.log
--- a/wazuh-odfe/config/wazuh.repo
+++ b/wazuh-odfe/config/wazuh.repo
@@ -2,6 +2,6 @@
 gpgcheck=1
 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH
 enabled=1
-name=Wazuh repository
-baseurl=https://packages.wazuh.com/4.x/yum/
+name=CENTOS-$releasever - Wazuh
+baseurl=https://packages.wazuh.com/yum/el/$releasever/$basearch
 protect=1
--- a/xpack-compose.yml
+++ b/xpack-compose.yml
@@ -1,186 +0,0 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3.7'
-
-services:
-  wazuh:
-    image: wazuh/wazuh:4.2.7
-    hostname: wazuh-manager
-    restart: always
-    ports:
-      - "1514:1514"
-      - "1515:1515"
-      - "514:514/udp"
-      - "55000:55000"
-    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=elastic
-      - ELASTIC_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=none
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
-      - SSL_CERTIFICATE=/etc/ssl/wazuh.crt
-      - SSL_KEY=/etc/ssl/wazuh.key
-    volumes:
-      - ossec_api_configuration:/var/ossec/api/configuration
-      - ossec_etc:/var/ossec/etc
-      - ossec_logs:/var/ossec/logs
-      - ossec_queue:/var/ossec/queue
-      - ossec_var_multigroups:/var/ossec/var/multigroups
-      - ossec_integrations:/var/ossec/integrations
-      - ossec_active_response:/var/ossec/active-response/bin
-      - ossec_agentless:/var/ossec/agentless
-      - ossec_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
-      - ./xpack/ca/ca.crt:/etc/ssl/ca.crt
-      - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
-      - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
-
-
-  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
-    hostname: elasticsearch
-    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-  elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
-    hostname: elasticsearch2
-    restart: always
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch2
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-  elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
-    hostname: elasticsearch3
-    restart: always
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch3
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-
-
-  kibana:
-    image: wazuh/wazuh-kibana:4.2.7
-    hostname: kibana
-    restart: always
-    ports:
-      - 443:5601
-    environment:
-      - SERVERNAME=localhost
-      - ELASTICSEARCH_USERNAME=elastic
-      - ELASTICSEARCH_PASSWORD=SecretPassword
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTICSEARCH_HOSTS=https://elasticsearch:9200
-      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
-      - SERVER_SSL_ENABLED=true
-      - XPACK_SECURITY_ENABLED=true
-      - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
-      - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
-      - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
-    depends_on:
-      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh:wazuh
-
-volumes:
-  ossec_api_configuration:
-  ossec_etc:
-  ossec_logs:
-  ossec_queue:
-  ossec_var_multigroups:
-  ossec_integrations:
-  ossec_active_response:
-  ossec_agentless:
-  ossec_wodles:
-  filebeat_etc:
-  filebeat_var:
--- a/xpack-from-sources.yml
+++ b/xpack-from-sources.yml
@@ -1,192 +0,0 @@
-# Wazuh App Copyright (C) 2021 Wazuh Inc. (License GPLv2)
-version: '3.7'
-
-services:
-  wazuh:
-    build:
-      context: wazuh-odfe/
-      args:
-        - FILEBEAT_CHANNEL=filebeat
-        - FILEBEAT_VERSION=7.11.2
-    image: wazuh/wazuh:4.2.7
-    hostname: wazuh-manager
-    restart: always
-    ports:
-      - "1514:1514"
-      - "1515:1515"
-      - "514:514/udp"
-      - "55000:55000"
-    environment:
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTIC_USERNAME=elastic
-      - ELASTIC_PASSWORD=SecretPassword
-      - FILEBEAT_SSL_VERIFICATION_MODE=none
-      - SSL_CERTIFICATE_AUTHORITIES=/etc/ssl/ca.crt
-      - SSL_CERTIFICATE=/etc/ssl/wazuh.crt
-      - SSL_KEY=/etc/ssl/wazuh.key
-    volumes:
-      - ossec_api_configuration:/var/ossec/api/configuration
-      - ossec_etc:/var/ossec/etc
-      - ossec_logs:/var/ossec/logs
-      - ossec_queue:/var/ossec/queue
-      - ossec_var_multigroups:/var/ossec/var/multigroups
-      - ossec_integrations:/var/ossec/integrations
-      - ossec_active_response:/var/ossec/active-response/bin
-      - ossec_agentless:/var/ossec/agentless
-      - ossec_wodles:/var/ossec/wodles
-      - filebeat_etc:/etc/filebeat
-      - filebeat_var:/var/lib/filebeat
-      - ./xpack/ca/ca.crt:/etc/ssl/ca.crt
-      - ./xpack/wazuh/wazuh.crt:/etc/ssl/wazuh.crt
-      - ./xpack/wazuh/wazuh.key:/etc/ssl/wazuh.key
-
-
-  elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
-    hostname: elasticsearch
-    restart: always
-    ports:
-      - "9200:9200"
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch/elasticsearch.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch/elasticsearch.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-  elasticsearch2:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
-    hostname: elasticsearch2
-    restart: always
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch2
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch2/elasticsearch2.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch2/elasticsearch2.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-  elasticsearch3:
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.11.2
-    hostname: elasticsearch3
-    restart: always
-    environment:
-      - cluster.name=wazuh-cluster
-      - node.name=elasticsearch3
-      - discovery.seed_hosts=elasticsearch,elasticsearch2,elasticsearch3
-      - cluster.initial_master_nodes=elasticsearch,elasticsearch2,elasticsearch3
-      - ELASTIC_PASSWORD=SecretPassword
-      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-      - bootstrap.memory_lock=true
-      - xpack.license.self_generated.type=basic
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-      - xpack.security.transport.ssl.enabled=true
-      - xpack.security.transport.ssl.verification_mode=certificate
-      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/ca.crt
-      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/elasticsearch.key
-      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/elasticsearch.crt
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/elasticsearch/config/ca.crt
-      - ./xpack/elasticsearch3/elasticsearch3.key:/usr/share/elasticsearch/config/elasticsearch.key
-      - ./xpack/elasticsearch3/elasticsearch3.crt:/usr/share/elasticsearch/config/elasticsearch.crt
-
-
-
-  kibana:
-    build: kibana/
-    image: wazuh/wazuh-kibana:4.2.7
-    hostname: kibana
-    restart: always
-    ports:
-      - 443:5601
-    environment:
-      - SERVERNAME=localhost
-      - ELASTICSEARCH_USERNAME=elastic
-      - ELASTICSEARCH_PASSWORD=SecretPassword
-      - ELASTICSEARCH_URL=https://elasticsearch:9200
-      - ELASTICSEARCH_HOSTS=https://elasticsearch:9200
-      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/ca.crt
-      - SERVER_SSL_ENABLED=true
-      - XPACK_SECURITY_ENABLED=true
-      - SERVER_SSL_KEY=/usr/share/kibana/config/kibana.key
-      - SERVER_SSL_CERTIFICATE=/usr/share/kibana/config/kibana.crt
-    volumes:
-      - ./xpack/ca/ca.crt:/usr/share/kibana/config/ca.crt
-      - ./xpack/kibana/kibana.key:/usr/share/kibana/config/kibana.key
-      - ./xpack/kibana/kibana.crt:/usr/share/kibana/config/kibana.crt
-    depends_on:
-      - elasticsearch
-    links:
-      - elasticsearch:elasticsearch
-      - wazuh:wazuh
-
-volumes:
-  ossec_api_configuration:
-  ossec_etc:
-  ossec_logs:
-  ossec_queue:
-  ossec_var_multigroups:
-  ossec_integrations:
-  ossec_active_response:
-  ossec_agentless:
-  ossec_wodles:
-  filebeat_etc:
-  filebeat_var:
--- a/xpack/instances.yml
+++ b/xpack/instances.yml
@@ -1,35 +0,0 @@
-instances:
-  - name: elasticsearch
-    dns:
-      - elasticsearch
-      - localhost
-    ip:
-      - 127.0.0.1
-
-  - name: elasticsearch2
-    dns:
-      - elasticsearch2
-      - localhost
-    ip:
-      - 127.0.0.1
-
-  - name: elasticsearch3
-    dns:
-      - elasticsearch3
-      - localhost
-    ip:
-      - 127.0.0.1
-
-  - name: kibana
-    dns:
-      - kibana
-      - localhost
-    ip:
-      - 127.0.0.1
-
-  - name: wazuh
-    dns:
-      - wazuh
-      - localhost
-    ip:
-      - 127.0.0.1
				`@@ -1 +0,0 @@`
				<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 84.67 84.67"><defs><style>.a{fill:#fff;}.b{fill:#00a9e5;}</style></defs><title>wazuh_logo_circle</title><circle class="a" cx="42.34" cy="42.34" r="42.34"/><path class="b" d="M58.13,9.2,50,26.32H35.07L26.16,9.2,20,31l-8.53,9.72,19.18,17.6,7.47,17.21h8.53l7-16.91L73.24,40.83l-8.73-9.57ZM48.58,55.13a1.79,1.79,0,0,1-.74.62,2.49,2.49,0,0,1-1,.2,2.52,2.52,0,0,1-1-.2,1.84,1.84,0,0,1-.71-.62l-2.88-4.36-2.9,4.36a1.87,1.87,0,0,1-.72.62,2.48,2.48,0,0,1-.95.2,1.94,1.94,0,0,1-1.7-.82L21.3,41.37h4.09L37.87,52.3l2.49-3.89h3.93L47,52.3,59.63,40.9h3.74Z"/></svg>