Skip to content
This repository has been archived by the owner on Jul 26, 2023. It is now read-only.

Latest commit

 

History

History
72 lines (60 loc) · 4.1 KB

README.md

File metadata and controls

72 lines (60 loc) · 4.1 KB

Note

This repository has been archived and is no longer maintained.

Wazuh for Amazon AWS Cloudformation

Slack Email Documentation Web

This repository contains CloudFormation templates and provision scripts to deploy both a Wazuh production-ready environment and a Wazuh demo environment in Amazon Web Services (AWS):

Production-ready environment:

  • A VPC with two subnets, one for Wazuh servers, and another for Elastic Stack
  • Wazuh managers cluster with two nodes, a master and a worker
  • An Elasticsearch cluster with a minimum of 3 data nodes, auto-scalable to a maximum of 6 nodes
  • A Kibana node that includes a local elasticsearch client node, and an Nginx for HTTP basic authentication
  • Wazuh servers sit behind an internet-facing load balancer for agents to communicate with the cluster
  • Kibana server sit behind an internet facing load balancer, that optionally loads an SSL Certificate for HTTPS
  • Route53 DNS records for the loadbalancer, Wazuh and Elastic Stack nodes (optional).

Demo environment:

  • A VPC with two subnets, one for Wazuh servers, and another for Elastic Stack
  • Wazuh managers cluster with two nodes, a master and a worker
  • An Elasticsearch cluster with a minimum of 3 data nodes, auto-scalable to a maximum of 6 nodes
  • A Kibana node that includes a local elasticsearch client node, and an Nginx for HTTP basic authentication
  • Wazuh servers sit behind an internet-facing load balancer for agents to communicate with the cluster
  • Kibana server sit behind an internet facing load balancer, that optionally loads an SSL Certificate for HTTPS
  • A Splunk Indexer instance with a Splunk app for Wazuh installed on it.
  • Six Wazuh agents installed on different operating systems: Red Hat 7, CentOS 7, Ubuntu, Debian, Amazon Linux and Windows.

Unattendend all-in-one

  • Use install script, following Wazuh unattended all-in-one installation
  • Resources:
    • WazuhAIO: EC2 instance
    • SecurityGroup: EC2 Security Group. It enables the following ports:
      • 443 ( HTTPS) -> 0.0.0.0
      • 22 (SSH) -> 0.0.0.0

Unattended distributed

  • Use install script, following Wazuh unattended distributed installation
  • Reosurces:
    • WazuhVPC: EC2 VPC
    • SubnetWazuh: EC2 Subnet over WazuhVPC
    • SubnetElasticsearch: EC2 Subnet over WazuhVPC
    • InternetGateway: EC2 InternetGateway between WazuhVPC and public network
    • GatewayToInternet: EC2 VPCGatewayAttachment attached to WazuhVPC
    • PublicRouteTable: EC2 RouteTable for WazuhVPC
    • PublicRoute: EC2 Route of PublicRouteTable with a specific destination CIDR
    • SubnetWazuhPublicRouteTable: EC2 SubnetRouteTableAssociation attached to SubnetWazuh
    • SubnetElasticPublicRouteTable: EC2 SubnetRouteTableAssociation attached to SubnetElasticsearch
    • WazuhSecurityGroup: EC2 SecurityGroup over WazuhVPC. It enables the following ports and protocols:
      • 22 (SSH) -> 0.0.0.0
      • ICMP -> 0.0.0.0
      • 1514-1516 (Wazuh manager) -> WazuhVPC
      • 55000 (Wazuh API) -> WazuhVPC
    • ElasticSecurityGroup: EC2 SecurityGroup over WazuhVPC. It enables the following ports and protocols:
      • 22 (SSH) -> 0.0.0.0
      • ICMP -> 0.0.0.0
      • 443 (HTTPS) -> 0.0.0.0
      • 9200-9400 (Wazuh manager) -> WazuhVPC
      • 5000 (wazuh manager) -> WazuhVPC
    • Elastic1: EC2 Instance Elasticsearch initial node (with Kibana)
    • Elastic2: EC2 Instance Elasticsearch node
    • Elastic3: EC2 Instance Elasticsearch node
    • WazuhMaster: EC2 Instance Wazuh master node
    • WazuhWorker: EC2 Instance Wazuh worker node