Cloud server with Wazuh
Wazuh is a SIEM for information protection and security event management. It prevents and finds vulnerabilities with a security agent, detects threats and responds to incidents.
You can create a cloud server with an out-of-the-box Wazuh application.
Create a cloud server with Wazuh
For Wazuh to work, the cloud server must be accessible from the Internet. To do this, you need to create a private subnet and connect a public IP address — you can do this when creating the server. To configure Wazuh when creating the server, you need to specify user data — user configuration parameters of the operating system.
After you create a server, you can automatically issue a free TLS certificate from Let's Encrypt® for the domain you specify. To issue a certificate, you must add an A record for the domain and specify the public IP address of the server in the record value.
-
In the Control panel, on the top menu, click Products and select Cloud Servers.
-
Click Create Server.
-
In the Name and Location block:
3.1 In the Name field, enter the name of the server. This will be set as the host name in the operating system.
3.2 In the Region and Pool fields, select the region and pool segment in which the server will be created. The list of available server configurations and resource costs depends on the pool segment. Once the server is created, the pool segment cannot be changed.
-
In the Source block, select the source from which the server will be created.
Click the default source name, open the Applications tab, select
Cloud Wazuh <version> 64-bit, and click Select. -
In the Configuration block, select a server configuration based on the number of Wazuh agents. If there are less than 100 agents, select a configuration of 4 vCPUs, RAM of 8 GB and boot disk size of 16 GB. You can select:
- fixed configuration — rulers in which the ratio of resources is fixed;
- or an arbitrary configuration in which any resource ratio can be specified.
The configurations use different processors depending on the line and pool segment.
5.1 To select a fixed configuration, click Fixed, open the tab with the desired ruler and select the configuration.
5.2 To select an arbitrary configuration, click Arbitrary, specify the number of vCPUs and the RAM size.
5.3 To select a local disk as the server boot disk, check the Local SSD NVMe disk checkbox . To select a network disk as the boot disk, do not check the checkbox.
The amount of RAM allocated to the server may be less than the amount specified in the configuration — the operating system kernel reserves some RAM depending on the kernel version and distribution. You can check the allocated amount on the server with
sudo dmesg | grep Memory.After the server is created, you can change the configuration.
-
If you did not check the Local SSD NVMe disk checkbox in step 5.3., the first specified network disk will be used as the server boot disk. In the Disks:
6.1. In the Disk Type field, select the type of network boot disk.
6.2 Specify the size of the network boot disk in GB or TB. Observe the maximum size limits for network disks.
-
Optional: Add additional network disks to the server. In the Disks:
7.1. In the Disk Type field, select the network disk type.
7.2 Specify the size of the network disk in GB or TB. Observe the maximum size limits of the network disks.
7.3 To add another additional disk, click Add, select the disk type and specify its size.
Once the server is created, you can disconnect additional disks from it or connect new ones.
-
In the Network block, connect an existing private subnet with the cloud router or create a new one:
Existing private subnet
New private subnet
8.1 Click Private Subnet.
8.2. In the Public IP Address for Internet Access field, select New Public IP Address.
8.3. Expand the block with private subnet settings.
8.4. In the Subnet field, select an existing subnet.
8.5. In the Private IP field, specify the private IP address of the server. The public IP address will be automatically connected to the private address.
8.1 Click Private Subnet.
8.2. In the Public IP Address for Internet Access field, select New Public IP Address.
8.3. Expand the block with private subnet settings.
8.4 If you have existing networks in the project, select New Subnet in the Subnet field.
8.5 Optional: Change the CIDR of the subnet.
8.6 Optionally: enable the DHCP toggle switch.
8.7. Optional: in the Gateway field, change the IP address of the default gateway.
8.8. In the Network field, select an existing network where the subnet will be created or New network. For a private subnet with a public IP address,
router-<network_name>, where<network_name>is the network name, will be automatically created.8.9. If you selected New Network, enter the name of the network.
-
Select security groups to filter traffic on server ports. Without security groups, traffic will not be allowed. If there is no block, port security is disabled on the server network . With traffic filtering disabled, all traffic will be allowed.
-
In the Access block:
10.1 Place an SSH key on the server for secure connection.
To add a new SSH key to the cloud platform, click Add SSH Key, enter the key name, paste the public SSH key in OpenSSH format, and click Add.
If an SSH key is added to the cloud platform, select the existing key in the SSH Key field.
10.2 Optionally: in the Password for "root" field, copy the password of the
rootuser (a user with unlimited rights to all actions on the system). Save the password in a safe place and do not pass it on in public. -
In the Advanced Settings block:
11.1 Optional: If you plan to create multiple servers and want to increase the fault tolerance of your infrastructure, add a server to a placement group. To create a new group, click Create Group, enter a group name, and select a placement policy on different hosts:
- preferably soft-anti-affinity. The system will try to place servers on different hosts. If there is no suitable host when creating a server, it will be created on the same host;
- anti-affinity is mandatory. Servers in a group must be located on different hosts. If there is no suitable host when creating a server, the server will not be created.
If a group has been created, select a placement group in the Placement Group field.
11.2 Optional: add server tags to add additional information or filter servers in the list. Operating system and configuration tags are automatically added. To add a new tag, enter a tag in the Tags field.
-
In the Automation block, in the User data field, insert a script that will be executed at system startup. You can add additional parameters to the script:
Creating a server with TLS certificate issuance
Creating a server without issuing a TLS certificate
#cloud-config
write_files:
- path: "/opt/gomplate/values/user-values.yaml"
permissions: "0644"
content: |
admin_password: "<administrator_password>"
wazuhDomain: <example.com>
leEmail: <root@example.com>
useLE: trueSpecify:
<administrator_password>— Wazuh administrator password. The password must contain:- more than eight characters;
- at least one capital letter;
- at least one lowercase letter;
- at least one digit;
<example.com>— domain to access Wazuh. For the domain, you must add an A record and specify the public IP address you specified in step 8 in the record value. After the server is created, a TLS certificate from Let's Encrypt® will be automatically issued for the domain;<root@example.com>— Wazuh administrator email to create an account and receive Let's Encrypt® notifications;useLE: true— parameter to automatically issue a TLS certificate from Let's Encrypt®.
#cloud-config
write_files:
- path: "/opt/gomplate/values/user-values.yaml"
permissions: "0644"
content: |
admin_password: "<administrator_password>"Specify:
<administrator_password>— Wazuh administrator password. The password must contain:- more than eight characters;
- at least one capital letter;
- at least one lowercase letter;
- at least one digit.
-
Check the price of the cloud server.
-
Click Create.
Parameters
To configure a cloud server with Wazuh, you can specify parameters from the table in the User data field.