Inquiry Regarding Integration of Wazuh with Azure Cloud Servers

98 views
Skip to first unread message

Jorge Farias

unread,
Mar 25, 2024, 2:03:12 PM3/25/24
to Wazuh | Mailing List
Hello, I have a question. In my infrastructure, I have on-premise servers and cloud servers. When I implemented Wazuh, I did it on-premise without publishing anything externally, but now I want to protect the devices I have in the cloud, specifically in Azure. My questions are as follows: Do I need to publish or expose any service to consume data from Azure? To integrate, should I simply follow this guide? https://documentation.wazuh.com/current/cloud-security/azure/index.html Is there any documentation for consuming Azure WAF events with Wazuh?

Kasim Mustapha

unread,
Mar 28, 2024, 5:28:09 PM3/28/24
to Wazuh | Mailing List
Hello Jorges,

Apologies for not getting back to you sooner.

Thank you for reaching out.

For the Wazuh-agent to communicate with the Manager, you will only require the below ports to be open for communication as the server listens on those ports

  • 1514 - For agent connection Service

  • 1515 - For Agent enrolment service

Also, the communication of the agent with the server takes place through a secure channel (TCP or UDP), providing data encryption and compression in real-time. Additionally, it includes flow control mechanisms to avoid flooding, queueing events when necessary, and protecting the network bandwidth. As a general security practice, you should keep Wazuh and your systems up with the latest security patches and updates to avoid being vulnerable.

Kindly see the documentation below:

Architecture - Getting started with Wazuh · Wazuh documentation

The Azure monitoring module can be configured in the Wazuh manager (which also behaves as an agent) or directly in a Wazuh agent.

And yes, you can the guide to integrate.

https://documentation.wazuh.com/current/cloud-security/azure/index.html

I hope this helps. Let me know if you have further questions.

Thank you.

Kasim

 

Jorge Farias

unread,
Apr 4, 2024, 2:36:23 PM4/4/24
to Wazuh | Mailing List

Thank you Kasim for your response, but I still have doubts about this. By saying that the Wazuh manager behaves like an agent, does it mean that if my Azure instance cannot communicate with my Wazuh manager inside a private network, this wouldn't work, right? The only solution would be to expose the ports of my Wazuh manager to the internet, and in this way Azure would connect correctly, correct?

Regards

Kasim Mustapha

unread,
Apr 15, 2024, 4:14:07 PM4/15/24
to Wazuh | Mailing List

Hello Jorge,

The wazuh manager needs to communicate with the Azure services to collect information. And requires exposing the ports.
If you have agents installed on the Azure instance, they need to be able to communicate with the Wazuh manager. 
You can also use a VPN to do this.

I hope this helps. Feel free to let me know if you have any more questions.

Thank you.

Kasim


Kasim Mustapha

unread,
May 7, 2024, 12:21:58 PM5/7/24
to Wazuh | Mailing List
Hello Jorge,

In addition to what I said earlier, you don't need to expose the ports, as the configuration only queries HTTPS to Azure. It's an outbound connection.

Feel free to let me know if you need further clarification.

Thank you.
Kasim
Reply all
Reply to author
Forward
0 new messages