Wazuh is a free and open source security platform that unifies XDR and SIEM protection for endpoints and cloud workloads.

```bash
helm repo add wazuh https://antero-software.github.io/wazuh-helm-chart
helm repo update
helm install [RELEASE_NAME] wazuh/wazuh
```

The Helm Chart installs the following components:
- Wazuh Dashboard
- Wazuh Indexer
- Wazuh Manager (Master and Worker nodes)
HTTPS communication between components is enabled by default and set up using self-signed certificates, provided by cert-manager.
The ossec.conf file is the main configuration file on the Wazuh manager. It is created in the _helpers.tpl file and passed via values.yaml.
This configuration can be replaced by setting a different value for wazuh.master.conf and wazuh.worker.conf in the values.yaml file. Alternatively, extra parameters can be appended to the configuration file by setting the wazuh.master.extraConf and wazuh.worker.extraConf values.

```yaml
wazuh:
  master:
    conf: |
      <ossec_config>
      ...
    extraConf: |
      ...
```

The Wazuh Indexer has 2 configuration files: opensearch and internalUsers. These files are created in the _helpers.tpl file and passed via values.yaml. They can also be replaced by setting a different value for indexer.config.opensearch and indexer.config.internalUsers in the values.yaml file.

```yaml
indexer:
  config:
    opensearch: |
      ...
    internalUsers: |
      ...
```

The Wazuh Dashboard has 1 configuration file. This file is created in the _helpers.tpl file and passed via values.yaml. It can also be replaced by setting a different value for dashboard.config in the values.yaml file.

```yaml
dashboard:
  config: |
    ...
```