Wazuh indexer


Xiang Wang

Feb 23, 2023, 7:42:01 PM
to Wazuh mailing list
Hi,

I am new to Wazuh and learning the source code.
I can find manager and agent code, but is Wazuh-indexer open source?

Appreciate your help!

Thanks,
Xiang

Federico Gustavo Caffieri

Feb 23, 2023, 10:50:52 PM
to Wazuh mailing list
Hi Xiang Wang,
Wazuh Indexer is a fork of OpenSearch (which is an open-source version of Elasticsearch developed by AWS) generated by Wazuh.

The Wazuh indexer is a highly scalable, full-text search and analytics engine. This Wazuh central component indexes and stores alerts generated by the Wazuh server and provides near real-time data search and analytics capabilities.

Wazuh Indexer works as the main database for the Wazuh Dashboard, which is the default GUI for Wazuh. It can be configured as a single-node or multi-node cluster, providing scalability and high availability.

Briefly speaking Wazuh works like this:
- Wazuh Agents collect information from endpoints and forward it to the Wazuh Manager/s (you could have a single manager or a cluster)
- The manager will apply Wazuh's intelligence and processing to the ingested data. This is where all the capabilities and functionalities of Wazuh will live. The manager also runs Filebeat, which is the component in charge of indexing your data into the Wazuh Indexer.
- The Wazuh Indexer is the Wazuh Dashboard's DB; the dashboard "reads" all of its data from the indexer.

You can check more information about the Wazuh indexer here:
https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html#wazuh-indexer

https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/index.html#wazuh-indexer

I hope this helps! Let me know if you have any doubts.

Xiang Wang

Feb 24, 2023, 12:16:33 PM
to Wazuh mailing list
Thanks Federico!

Based on the description below, do we maintain a separate repo with continuous development efforts/optimizations on OpenSearch for the Wazuh indexer? It looks to me like this fork isn't publicly available the way wazuh-dashboard (itself a fork of OpenSearch-Dashboards) is.
Or do we just use the original codebase of OpenSearch with only added tools for installation and configuration?

"Migrating to the Wazuh indexer: Follow this section to migrate from Open Distro for Elasticsearch 1.13 to the Wazuh indexer. This new component consists of a distribution of OpenSearch with additional tools that Wazuh has created to assist with the installation and configuration of the search engine."

Thanks,
Xiang