Hi,
A user in Wazuh can have access restricted to a specific dashboard by using Role-Based Access Control (RBAC) and multi-tenancy features. This method allows granting permissions solely for viewing the selected dashboard while ensuring that all other data and agents remain hidden.
Here is a sample configuration that can be modified according to specific requirements:
- Enable multi-tenancy:
Log in as the root user, refer to the Wazuh documentation link to enable multi-tenancy, and edit the /etc/wazuh-dashboard/opensearch_dashboards.yml configuration file.
Attached screenshot 1 for reference.
- Create a Tenant:
Log in as the admin user, and follow these steps to set up a new tenant in the Wazuh dashboard.
Menu icon ☰ → Indexer Management → Security → Tenants → Create Tenant → Create
Tenant name: tenant_group_a
Description (Optional): any
- Create an Internal User:
Proceed to create an internal user who will be assigned specific access permissions.
Menu icon ☰ → Indexer Management → Security → Internal Users → Create Internal User (Provide Username and password) → Create
Provide Username and password:
Username: user1
Note: Once the user is created, save it.
- Create a Role:
Create a role and map the user to the role.
Menu icon ☰ → Indexer Management → Security → Roles → Create Role → Create
Role Name: group_a
Cluster Permissions: cluster_composite_ops_ro
Index Permissions:
Index: *
Index permissions: read
Tenant Permissions: tenant_group_a "Read only"
- To map the user to the appropriate role, follow these steps:
Select group → mapped users → map users → Map
Group: group_a
Users: user1
Backend Roles: group_a
Attached is Screenshot 2 for reference.
- To allow user1 to access only the dashboards belonging to tenant_group_a, assign them to the kibana_read_only role.
Navigate Menu icon ☰ → Indexer Management → Security → Roles →
Search kibana_read in the search bar and open this role.
Mapped users → map users → Add user name user1 → Map
- To map the user with Wazuh, follow these steps:
Navigate Menu icon ☰ → Server Management → Security → Roles mapping → Create Role mapping →
Provide the following details:
Role mapping name: group_a
Roles: readonly
Map internal users: user1
- To create a dashboard for a specific tenant:
Navigate Menu icon ☰ → Indexer Management → Security → Tenants →
Click on view dashboard of the tenant_group_a
If an index pattern is not available, create an index pattern.
Index pattern name: wazuh-alerts-*
Once the index pattern is created, navigate back to the tenant.
Click on view dashboard → create new dashboard
Dashboard name: Cortex XDR-Dashboard
Once all the above steps are done, please log in to the Wazuh dashboard with the URL https://<IP or Domain>/app/dashboards?security_tenant=<Tenant Name>
https://192.168.10.10/app/dashboards?security_tenant=tenant_group_a
User1 can only view Cortex XDR-Dashboard and access the Dashboard area. (Attached screenshot 3 for reference)
I hope this information is helpful to you. Please feel free to contact us if you have any questions/issues.
Regards,
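The reply above configures the tenant, role and mapping through the dashboard UI. As an added example (not part of the reply, and not Wazuh's own tooling), the script below builds the same three objects in the body format of the OpenSearch Security REST API that the Wazuh indexer exposes (the `_plugins/_security/api/...` paths are assumed to be the ones in use on your indexer version), and runs a small least-privilege audit over the role so that a drift away from "read only" (a write action, a wildcard tenant pattern) is caught before the role is pushed. The `WRITE_LIKE` pattern and the findings format are the example's own assumptions; the kibana_read_only mapping and the Wazuh server-side "readonly" mapping from the reply are not covered here.

```python
"""Build the tenant/role/mapping documents equivalent to the UI steps in the
reply and audit the role for over-privilege. Added example, not Wazuh code."""
import json
import re

# Values taken from the reply.
TENANT = "tenant_group_a"
ROLE = "group_a"
USER = "user1"

# Substrings of actions or action groups that grant more than read access.
# Assumed, non-exhaustive list used only by the audit below.
WRITE_LIKE = re.compile(r"(write|delete|create|manage|admin|all|\*)", re.IGNORECASE)


def build_tenant():
    """Body for PUT _plugins/_security/api/tenants/<tenant> (Create Tenant step)."""
    return {"description": "Tenant for group A dashboards"}


def build_role():
    """Body for PUT _plugins/_security/api/roles/<role> (Create Role step).
    'Read only' on a tenant in the UI is the kibana_all_read action group."""
    return {
        "cluster_permissions": ["cluster_composite_ops_ro"],
        "index_permissions": [{"index_patterns": ["*"], "allowed_actions": ["read"]}],
        "tenant_permissions": [
            {"tenant_patterns": [TENANT], "allowed_actions": ["kibana_all_read"]}
        ],
    }


def build_role_mapping():
    """Body for PUT _plugins/_security/api/rolesmapping/<role> (Map users step)."""
    return {"backend_roles": [ROLE], "users": [USER]}


def api_documents():
    """Map each REST path (assumed OpenSearch Security API layout) to its body."""
    return {
        f"_plugins/_security/api/tenants/{TENANT}": build_tenant(),
        f"_plugins/_security/api/roles/{ROLE}": build_role(),
        f"_plugins/_security/api/rolesmapping/{ROLE}": build_role_mapping(),
    }


def audit_role(role):
    """Return (severity, message) findings for a role meant to be dashboard-read-only."""
    findings = []
    for action in role.get("cluster_permissions", []):
        if WRITE_LIKE.search(action):
            findings.append(("error", f"cluster permission '{action}' is not read-only"))
    for perm in role.get("index_permissions", []):
        for action in perm.get("allowed_actions", []):
            if WRITE_LIKE.search(action):
                findings.append(("error", f"index permission '{action}' is not read-only"))
        if "*" in perm.get("index_patterns", []):
            # Read on every index is what the reply configures; flagged for review
            # because narrowing it to wazuh-alerts-* is usually sufficient.
            findings.append(("warning", "index pattern '*' grants read on every index"))
    for perm in role.get("tenant_permissions", []):
        if perm.get("allowed_actions") != ["kibana_all_read"]:
            findings.append(("error", f"tenant actions {perm.get('allowed_actions')} exceed read"))
        if any("*" in p for p in perm.get("tenant_patterns", [])):
            findings.append(("error", "tenant pattern wildcard exposes other tenants' dashboards"))
    return findings


if __name__ == "__main__":
    for path, body in api_documents().items():
        print(f"PUT {path}\n{json.dumps(body, indent=2)}\n")
    for severity, message in audit_role(build_role()):
        print(f"[{severity}] {message}")
```

Run it once to review the documents and findings, then submit each body with the indexer admin certificate; the only finding for the role as described in the reply is the warning about the `*` index pattern, and any "error" finding means the role no longer matches the read-only intent.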