Wazuh Integrate with existing ELK


ammar khan

Oct 24, 2022, 8:02:49 AM
to Wazuh mailing list
Hello Wazuh,

Kindly assist me on how to integrate the Wazuh dashboard with existing ELK. My Elasticsearch version is 8.2.0. I see the logs of our Windows machine in Kibana using the Wazuh agent installed in our system.

Please help me if you have any solution for this.

Thank you.

Regards,

Ammar,

Federico Rodriguez

Oct 24, 2022, 10:17:29 AM
to Wazuh mailing list

Hi!
You can deploy Wazuh to an already existing Elasticsearch or OpenSearch stack; you just need to install the Wazuh plugin in Kibana like this:

cd /usr/share/kibana
sudo -u kibana /usr/share/kibana/bin/kibana-plugin install [WAZUH_PACKAGE_URL]

You will need to configure Filebeat on the Wazuh manager side to send the alerts to your Elastic Stack. Here you have a guide on how to configure Filebeat:
https://documentation.wazuh.com/current/deployment-options/elastic-stack/distributed-deployment/wazuh-cluster/wazuh-single-node-cluster.html#installing-filebeat


Unfortunately, Kibana 8.2 is not available yet in our compatibility matrix. You can track the process of the compatibility analysis issue here:
https://github.com/wazuh/wazuh-kibana-app/issues/4567

Regards