Skip to content
/ terraform_gcp_wazuh_all_in_one Public

Automated installation of Wazuh SIEM [Indexer, Server and Wazuh Dashboard] and agents with Terraform in Google Cloud Platform

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Chinedu-Obasi/terraform_gcp_wazuh_all_in_one

BranchesTags

Repository files navigation

Terraform+Wazuh+GCP all-in-one Installation

All-in-one installation of the Wazuh SIEM version [Indexer, Server and Dashboard in one server] and Wazuh agents on GCP with VM instances.

Terraform + GCP + Wazuh

  • Deploy a GCP project and assign the necessary roles and permissions.
  • Use the GCP credentials generated in the Terraform variable configuration file.
  • By default the Terraform configuration files deploys 1 (one) Ubuntu 22.04 LTS Wazuh server and 2 (two) Ubuntu 22.04 LTS Wazuh agents (You can customize the OS type and number of agents).

Structure

├── main.tf <- GCP Terraform initialization, Firewall rules, Server and agents instance configuration.
├── outputs.tf <- Output of Wazuh Server and agents IPs
├── terraform.tfvars <- GCP Credentials for Wazuh deployment
├── variables.tf <- Variable definitions.


├── wazuh_server_setup.sh <- Wazuh Server startup script [deploys after instance creation]
├── gcp_project_setup.md <- Steps to create a GCP project, service account and assign required roles.

Usage

git clone https://github.com/Chinedu-Obasi/terraform_gcp_wazuh_all_in_one.git
cd terraform_gcp_wazuh_all_in_one
  • Edit the following variables in terraform.tfvars file with the GCP credentials: project_id, credentials_file, region, zone, service_account_email.
  • {Optional} Edit Server & agent instance types, OS image, Number of to be deployed agents in variables.tf file.
terraform init
terraform plan
terraform apply
  • Retrieve Wazuh Server IP and Dashboard Credentials after start-up script installation from GCP Console [Wazuh Server should be ready in 10-15 minutes]
├── Compute Engine -> VM Instances -> Wazuh-Server -> SSH or Access the Server using any SSH client
sudo -i   # Access the VM as a root user
cd /      # Change directory to the root folder
tar -O -xvf wazuh-install-files.tar wazuh-install-files/wazuh-passwords.txt   # Use the Admin user for the web user interface and Wazuh indexer to access the dashboard.
  • Access the Wazuh Dashboard and use the Deploy Wazuh Agent Option to deploy the Wazuh agents
https:<wazuh-server-ip>  # If certificates are installed correctly, you should have access to the dashboard on port 443.

**Below is a sample installation command for a Debian-64 agent in version 4.7...**
sudo wget https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.7.5-1_amd64.deb && sudo WAZUH_MANAGER='<Wazuh-Server-IP>' WAZUH_AGENT_NAME='<Wazuh-agent-name>' dpkg -i ./wazuh-agent_4.7.5-1_amd64.deb

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Wazuh Modules Dashboard

Wazuh+Dashboard

Wazuh MITRE ATTACK Dashboard

Wazuh+MITRE+Dashboard

Wazuh Security Events Dashboard

Wazuh++SE+Dashboard

Wazuh PCI DSS Dashboard

Wazuh+PCI+Dashboard

Wazuh NIST 800-53 Dashboard

Wazuh+NIST+Dashboard

About

Automated installation of Wazuh SIEM [Indexer, Server and Wazuh Dashboard] and agents with Terraform in Google Cloud Platform

Topics

open-source terraform gcp siem wazuh

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages