Wazuh & multiple companies
597 views
Skip to first unread message
Bas Auer
Nov 29, 2022, 7:24:56 AM11/29/22
to Wazuh mailing list
Hi,
I have searched the group but I can't find an answer on my question so I hope it is possible.
I
have several companies to monitor. Now I want to use Wazuh to monitor
them, but with separate dashboards. Is that possible with one Wazuh
environment or do I need an environment per company?
I hope someone can answer this question for me.
Thanks.
Mario Andres Ruiz Hernandez
Nov 29, 2022, 8:12:21 AM11/29/22
to Wazuh mailing list
Hi,
There are some approaches you can take depending on costs and security:
More about Wazuh architecture here
Other considerations you must have when designing your Wazuh implementation:
The Wazuh indexer cluster is a collection of one or more nodes that communicate with each other to perform read and write operations on indices. Small Wazuh deployments, which do not require processing large amounts of data, can easily be handled by a single-node cluster. Multi-node clusters are recommended when there are many monitored endpoints, when a large volume of data is anticipated, or when high availability is required.
For production environments, it is recommended to deploy the Wazuh server and Wazuh indexer to different hosts. In this scenario, Filebeat is used to securely forward Wazuh alerts and archived events to the Wazuh indexer cluster (single-node or multi-node) using TLS encryption.
There are some approaches you can take depending on costs and security:
Regarding cost:
- 💲 Approach 1: shared manager + shared indexer
- 💲💲 Approach 2: Using wazuh manager per customer + shared wazuh indexer
- 💲💲💲 Approach 3: Using wazuh per customer + aggregate everything using cross cluster search
Regarding isolation, performance, "issues" (The more stars, the better):
- ⭐⭐⭐ Approach 3: Using wazuh per customer + aggregate everything using cross cluster search
- ⭐ ⭐ Approach 2: Using wazuh manager per customer + shared wazuh indexer
- ⭐ Approach 1: shared manager + shared indexer
More about Wazuh architecture here
Other considerations you must have when designing your Wazuh implementation:
The Wazuh indexer cluster is a collection of one or more nodes that communicate with each other to perform read and write operations on indices. Small Wazuh deployments, which do not require processing large amounts of data, can easily be handled by a single-node cluster. Multi-node clusters are recommended when there are many monitored endpoints, when a large volume of data is anticipated, or when high availability is required.
For production environments, it is recommended to deploy the Wazuh server and Wazuh indexer to different hosts. In this scenario, Filebeat is used to securely forward Wazuh alerts and archived events to the Wazuh indexer cluster (single-node or multi-node) using TLS encryption.
Bas Auer
Dec 22, 2022, 6:06:37 AM12/22/22
to Wazuh mailing list
Hi,
Sorry for the delayed answer.
Thanks for the info. I'm going to look into 2 of the 3 options which you mentioned. (Option 1 is not desired)
Op dinsdag 29 november 2022 om 14:12:21 UTC+1 schreef mario...@wazuh.com:
Reply all
Reply to author
Forward
0 new messages