Reference Manual - Description
This section provides a detailed description of Wazuh-docker (version 4.12.2), its components, and its architecture when deployed using Docker containers. Understanding these aspects is key to effectively deploying and managing your Wazuh environment.
What is Wazuh?
Wazuh is a free, open-source, and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response, and compliance. It consists of several key components that work together to provide comprehensive security visibility.
What is Wazuh-docker?
Wazuh-docker is a project that provides Docker images and Docker Compose configurations to simplify the deployment and management of the Wazuh platform. By containerizing Wazuh components, Wazuh-docker offers:
- Rapid Deployment: Quickly set up a full Wazuh environment.
- Consistency: Ensures that Wazuh runs the same way across different environments.
- Scalability: Easier to scale components as needed (especially with orchestrators like Kubernetes, though this documentation primarily focuses on Docker Compose).
- Isolation: Components run in isolated containers, reducing conflicts.
- Portability: Run Wazuh on any Linux system that supports Docker.
Core Components in Wazuh-Docker
The Wazuh-Docker project typically provides images for the following core Wazuh components, adapted for version 4.12.2:
- Wazuh Manager:
  - The central component that collects and analyzes data from deployed Wazuh agents.
  - It performs log analysis, file integrity checking, rootkit detection, real-time alerting, and active response.
  - In a Docker deployment, the Wazuh manager runs in its own container. It publishes the ports agents use to reach it (1514/TCP for event delivery, 1515/TCP for enrollment) and the Wazuh server API port (55000/TCP); these are the only manager ports that normally need to be reachable from outside the Compose network.
- Wazuh Indexer:
  - A highly scalable, full-text search and analytics engine.
  - Based on OpenSearch (historically, Wazuh used Elasticsearch), it stores and indexes the alerts and monitoring data generated by the Wazuh manager and shipped to it by Filebeat from the manager container.
  - The Wazuh indexer container is the data persistence layer for Wazuh alerts and events. For version 4.12.2 it is built on OpenSearch.
- Wazuh Dashboard:
  - A visualization tool based on OpenSearch Dashboards (historically, Kibana).
  - It provides a web interface for querying, visualizing, and analyzing the Wazuh data stored in the Wazuh indexer.
  - Users can explore security events, manage agent configurations (via the Wazuh plugin, which talks to the manager's API), and generate reports.
Key Features of Wazuh-Docker Deployments
- Docker Compose: Most deployments are orchestrated with a docker-compose.yml file, which defines the services, networks, volumes, and configuration for the Wazuh stack.
- Persistent Data: Docker volumes persist critical data, such as the Wazuh manager configuration, the agent keys (client.keys), Wazuh indexer data, and Wazuh dashboard settings, even when containers are stopped or recreated. Without named volumes, recreating the manager container would discard client.keys and force every agent to re-enroll.
- Networking: Docker networks are configured to allow communication between the Wazuh components. Inter-component traffic (manager to indexer, dashboard to indexer and manager API) stays on that network; only the ports published to the host need to be reachable from outside the stack.
- Environment Variables: Container configuration, including the credentials the manager and dashboard use to reach the indexer and the API, is usually passed as environment variables at runtime. Anything hard-coded in docker-compose.yml is visible to anyone who can read the file or run docker inspect on the container, so replace the shipped default passwords before deployment and supply secrets from the environment or an .env file rather than committing them.
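The three services, the manager ports listed under Core Components, and the volumes, network and environment variables described above, laid out as one single-node Compose file. This is an added illustration modelled on the shape of the wazuh-docker single-node deployment, not the project's own docker-compose.yml: the image tags, volume names and environment variable names are the editor's understanding of the 4.12.2 release and should be checked against the file shipped with that release, and the TLS certificate mounts each container needs are omitted. The commented-out values are the defaults the project ships; the active lines require the real secrets to be supplied through the environment or an .env file instead.

```yaml
# Added illustration, not the project's docker-compose.yml (see lead-in).
services:
  wazuh.manager:
    image: wazuh/wazuh-manager:4.12.2
    hostname: wazuh.manager
    restart: always
    ports:
      - "1514:1514"      # agent events
      - "1515:1515"      # agent enrollment
      - "514:514/udp"    # syslog collection
      - "55000:55000"    # Wazuh server API
    environment:
      - INDEXER_URL=https://wazuh.indexer:9200
      - INDEXER_USERNAME=admin
      # - INDEXER_PASSWORD=SecretPassword   # shipped default: never deploy with it
      - INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD in .env}
      - FILEBEAT_SSL_VERIFICATION_MODE=full
      - API_USERNAME=wazuh-wui
      # - API_PASSWORD=MyS3cr37P450r.*-      # shipped default: never deploy with it
      - API_PASSWORD=${API_PASSWORD:?set API_PASSWORD in .env}
    volumes:
      - wazuh_api_configuration:/var/ossec/api/configuration
      - wazuh_etc:/var/ossec/etc            # ossec.conf and client.keys (agent keys)
      - wazuh_logs:/var/ossec/logs
      - wazuh_queue:/var/ossec/queue
    networks:
      - wazuh

  wazuh.indexer:
    image: wazuh/wazuh-indexer:4.12.2
    hostname: wazuh.indexer
    restart: always
    # 9200 is deliberately not published: the manager and dashboard reach the
    # indexer over the internal network; publish it only if the host needs it.
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - wazuh-indexer-data:/var/lib/wazuh-indexer   # alert and event indices
    networks:
      - wazuh

  wazuh.dashboard:
    image: wazuh/wazuh-dashboard:4.12.2
    hostname: wazuh.dashboard
    restart: always
    ports:
      - "443:5601"       # web UI
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=${INDEXER_PASSWORD:?set INDEXER_PASSWORD in .env}
      - WAZUH_API_URL=https://wazuh.manager
      - DASHBOARD_USERNAME=kibanaserver
      # - DASHBOARD_PASSWORD=kibanaserver   # shipped default: never deploy with it
      - DASHBOARD_PASSWORD=${DASHBOARD_PASSWORD:?set DASHBOARD_PASSWORD in .env}
      - API_USERNAME=wazuh-wui
      - API_PASSWORD=${API_PASSWORD:?set API_PASSWORD in .env}
    volumes:
      - wazuh-dashboard-config:/usr/share/wazuh-dashboard/data/wazuh/config
    depends_on:
      - wazuh.indexer
    networks:
      - wazuh

volumes:
  wazuh_api_configuration:
  wazuh_etc:
  wazuh_logs:
  wazuh_queue:
  wazuh-indexer-data:
  wazuh-dashboard-config:

networks:
  wazuh:
    driver: bridge
```

The `${VAR:?message}` form makes `docker compose up` refuse to start if a variable is unset or empty, so a copy of the file cannot silently fall back to a default. Note that these variables only tell the manager and dashboard which credentials to present: the indexer's own users (admin, kibanaserver) are defined with hashed passwords in its security configuration, and the API user lives in the manager, so the stored passwords have to be changed on those sides as well, following the Wazuh documentation for changing indexer and API user passwords, or the components will fail to authenticate to each other.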
Understanding this architecture and the role of each component is fundamental for successful deployment, troubleshooting, and scaling of your Wazuh environment using Wazuh-Docker.