New WAZUH user can't login


Ricky Chung

Jan 18, 2021, 11:02:36 PM
to Wazuh mailing list
Hi all,

I am testing WAZUH 4.0 with the OVA image. I use the admin account to log in to the WAZUH web UI (Kibana).

I would like to assign the agents to some groups and let different IT admins from different departments view their own agents.

I tried to create new users in WAZUH -> Security -> User. It doesn't work; the new user can't log in. I think the web console makes use of the Kibana user instead of the Wazuh user, but I don't know how to set it up correctly.

Is there a document that guides us on how to do it correctly?

Thanks!
 

elw...@wazuh.com

Jan 19, 2021, 8:46:55 AM
to Wazuh mailing list
Hello rchung12,

The users that log in to Kibana should be created at the Elastic/Kibana level, and then Wazuh RBAC is applied to them. The following example illustrates how to create read-only users:

  • On the Kibana box, edit the file /usr/share/kibana/optimize/wazuh/config/wazuh.yml and set run_as to true and username/password to wazuh-wui, similar to below:


    hosts:
      - default:
          url: https://localhost
          port: 55000
          username: wazuh-wui
          password: wazuh-wui
          run_as: true


  • Clear the browser’s cache & cookies (or use a different browser), then restart Kibana: systemctl restart kibana


  • Navigate to Stack Management → Roles in Kibana, then create a custom role:

    Elasticsearch part:

    image-20201217-102515.png

    Kibana part (spaces):

    image-20201217-102533.png


  • Create a user and assign the corresponding role:

    image-20201217-102808.png

  • Now navigate to WAZUH → Security → Roles Mapping:

    Create a new role mapping:


    image-20201217-102857.png



    Then choose read-only and map it to the user (elastic-user) previously created (SOC1):


    image-20201217-102943.png




  • When the SOC1 user logs in, it will have only read-only permissions:

    image-20201217-103006.png

References to create any roles and adapt them to your needs:


Hope this helps,

Regards,
Wali
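
A check for the wazuh.yml step in the reply above, as an added example that is not part of the original post or Wazuh's own tooling: it parses the hosts block and reports entries where run_as is not true, the default wazuh-wui password is still set, or the API url is not https. The sample file is constructed, and the "lab" host and its values are hypothetical.

```python
import re

# Constructed sample of wazuh.yml. The "lab" entry and its values are
# hypothetical, added to show a host that fails the checks.
SAMPLE = """\
hosts:
  - default:
      url: https://localhost
      port: 55000
      username: wazuh-wui
      password: wazuh-wui
      run_as: true
  - lab:
      url: http://192.0.2.10
      port: 55000
      username: wazuh-wui
      password: constructed-non-default
      run_as: false
"""

HOST_RE = re.compile(r"^\s*-\s*([\w.-]+):\s*$")   # "- default:"
KV_RE = re.compile(r"^\s+(\w+):\s*(.*?)\s*$")     # "  run_as: true"

def parse_hosts(text):
    """Return {host_id: {key: value}} for the hosts: block (this layout only)."""
    hosts, current, in_hosts = {}, None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                  # blank line or comment
        if in_hosts and (m := HOST_RE.match(line)):
            current = hosts.setdefault(m.group(1), {})
        elif not line[0].isspace():                   # any other top-level key
            in_hosts, current = line.startswith("hosts:"), None
        elif current is not None and (m := KV_RE.match(line)):
            current[m.group(1)] = m.group(2).strip("'\"")
    return hosts

def audit(text):
    """Return sorted (host_id, finding) tuples for settings that need attention."""
    findings = []
    for host, cfg in parse_hosts(text).items():
        if cfg.get("run_as", "false").lower() != "true":
            # Without run_as, every Kibana user acts with the API user's permissions.
            findings.append((host, "run_as is not true"))
        if cfg.get("password") == "wazuh-wui":
            findings.append((host, "default wazuh-wui password in use"))
        if not cfg.get("url", "").startswith("https://"):
            findings.append((host, "API url is not https"))
    return sorted(findings)
```

Run audit() on the contents of /usr/share/kibana/optimize/wazuh/config/wazuh.yml before restarting Kibana; an empty list means none of the three conditions was found.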

Ricky Chung

Jan 20, 2021, 10:46:51 PM
to Wazuh mailing list
Hi Wali,

Thanks for your advice. I will study this.

elw...@wazuh.com

Jan 21, 2021, 8:43:47 AM
to Wazuh mailing list
Hello rchung12,

Perfect. Let me know if you need further help.

Regards,
Wali

Majid Ibrahim

Feb 3, 2021, 10:54:02 AM
to Wazuh mailing list
Hi Wali,

I tried creating a read-only user using the GUI, but when I log in with the read-only user I am getting the error "eleasticsearch. forbidden".

Please help me with this error.

Thanks & Regards,
Majid Ibrahim

luque huascar

Mar 10, 2021, 2:03:08 PM
to Wazuh mailing list
Hello, I have one question: I have done the steps, but the user does not see any info.