Wazuh Dashboard with Opensearch

[Mihail-Iulian Pleșa]

Hi all,

I have two questions:

1. Can we integrate wazuh dashboard with opensearch and filebeat (instead of wazuh indexer)?

2. Can we install the wazuh kibana plugin with opensearch dashboard ?

Thxs

[Gonzalo Membrillo Solbes]

Hello Mihail,

The answer to your both of your questions is yes, as long as the Opensearch version you are using is 1.2.0. Wazuh already uses Opensearch for indexing and dashboard purposes so they are completely compatible. However, the current version of Wazuh, 4.3.10, uses Opensearch 1.2.0 and is not currently compatible with later versions of the tool. As for the dashboard, it also is already an Opensearch Dashboard with the kibana plugin pre-installed. So, you could simply install an Opensearch Dashboard and install out kibana plugin on it with the following commands:

cd /usr/share/opensearch-dashboards bin/opensearch-plugin install /usr/share/kibana/bin/kibana-plugin install https://packages.wazuh.com/4.x/ui/kibana/wazuh_kibana-4.3.7_7.10.2-1.zip

Keep in mind that the plugin is also only compatible with Opensearch v1.2.0 so it won't work on later versions.

However, Wazuh v4.4.0 is scheduled to release soon and will upgrade to using Opensearch v2.3.0, which is the latest Opensearch version. Once it is released, there shouldn't be any problems with installing Wazuh on an already existing Opensearch cluster.

I hope you find this helpful. Do feel free to let us know if you need anything else.

Regards,

Gonzalo