Wazuh SIEM Installation Guide
A concise guide to installing the Wazuh SIEM platform. It covers the server setup and agent installation for Linux, Windows, and macOS.
Step 1: Introduction to Wazuh
Wazuh is an open-source SIEM and XDR platform. It offers host-based intrusion detection, log analysis, and file integrity monitoring. The system consists of a manager, a data stack, and agents on endpoints.
Step 2: Server Prerequisites
Use a fresh Linux server. Minimum requirements are 8 GB RAM, 4 CPU cores, and 50 GB of disk space. A stable internet connection is required for the installation script. The process needs root access.
Step 3: Run the Server Installation Script
Use the official Wazuh installation script for a quick setup. It automatically installs the Wazuh Manager, OpenSearch, and the dashboard. This example uses a clean Ubuntu server.
curl -sO https://packages.wazuh.com/4.4/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
Step 4: Access the Wazuh Dashboard
After the script completes, open a web browser and navigate to the IP address or hostname of your Wazuh server on port 443. This will take you to the dashboard's login page.
Step 5: Log in and Secure
The default login credentials are `admin` for both the username and password. You will be prompted to change the default password immediately. **It is crucial to change this for security.**
Step 6: Agents - General Concepts
Wazuh agents are installed on endpoints to collect system data, logs, and security events. They communicate with the Wazuh Manager on TCP port 1514. They must be configured with the manager's IP address to connect and send data.
Step 7: Linux Agent Installation
Use the official script to install a Wazuh agent on Linux. Replace `<WAZUH_MANAGER_IP>` with the actual IP address of your Wazuh server.
curl -sO https://packages.wazuh.com/4.4/wazuh-agent.sh && sudo bash ./wazuh-agent.sh -a <WAZUH_MANAGER_IP>
Step 8: Windows Agent Installation
Download the official `.msi` installer from the Wazuh website. Run the installer and a wizard will guide you through the process. Enter the Wazuh Manager's IP address when prompted during the installation.
Step 9: macOS Agent Installation
The easiest way to install on macOS is with the `.pkg` installer. You can also use Homebrew. After installation, you must manually edit `/Library/Ossec/etc/ossec.conf` to add your manager's IP.
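The manual edit in Step 9 (and the manager-address requirement from Step 6) is easy to get wrong by hand. Below is an added helper script, not part of this guide or of the Wazuh project, that rewrites the `<address>` inside the `<client><server>` block of an agent's `ossec.conf` and reads it back; it assumes the standard layout of that block and works on a constructed sample file rather than the live config.

```shell
#!/bin/sh
# Added example (not from the Wazuh project): point an agent's ossec.conf at the
# manager and read the value back. Assumes the standard <client><server><address>
# layout of an agent ossec.conf; the sample file below is constructed for the demo.
set -eu

# Write a constructed, minimal agent ossec.conf to the path in $1 (sample input).
make_sample_conf() {
  cat > "$1" <<'EOF'
<ossec_config>
  <client>
    <server>
      <address>MANAGER_IP</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>
</ossec_config>
EOF
}

# Succeed only for a dotted-quad IPv4 address whose four octets are each 0-255,
# so a typo never lands in the config and leaves the agent silently unable to connect.
valid_ipv4() {
  echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) { if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }; exit 0 } { exit 1 }'
}

# Replace the manager <address> inside the <server> block of config $1 with IP $2,
# writing through a temp file so a failed sed never truncates the live config.
set_manager_address() {
  valid_ipv4 "$2" || { echo "refusing to write invalid manager address: $2" >&2; return 1; }
  sed "/<server>/,/<\/server>/ s|<address>[^<]*</address>|<address>$2</address>|" "$1" > "$1.tmp" \
    && mv "$1.tmp" "$1"
}

# Print the manager address currently configured in $1.
get_manager_address() {
  sed -n '/<server>/,/<\/server>/ s|.*<address>\([^<]*\)</address>.*|\1|p' "$1"
}

# Demo on a throwaway file; on a real macOS agent the target is
# /Library/Ossec/etc/ossec.conf, followed by a restart of the agent service.
demo_conf=$(mktemp)
make_sample_conf "$demo_conf"
set_manager_address "$demo_conf" 192.0.2.10
echo "manager address now: $(get_manager_address "$demo_conf")"
rm -f "$demo_conf"
```

Run it against the real file only after backing that file up, then restart the agent so the new manager address takes effect.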
Step 10: Verify the Agent Connection
To verify that your agents are connected, check the 'Agents' section in the Wazuh Dashboard. The agent's status should be 'Active'. You can also use the command-line tool on the manager to list all connected agents.
/var/ossec/bin/agent_control -l