Wazuh-Manager on Windows – A step-by-step guide

Welcome to this guide on deploying Wazuh-Manager on Windows using Docker. Docker is a great platform for containerizing applications. In this guide I will walk you through all the essential steps to deploy Wazuh Manager in a Windows environment. As you may already know, Wazuh-Manager can’t be run on Windows directly.

Now the question arises: why not use a virtual machine to achieve this? The answer is that Docker containers are lightweight and resource-efficient compared to virtual machines, because virtual machines run on a hypervisor and each requires its own guest OS. Before starting with the deployment, let me first give a brief introduction to the software needed to run containers on Windows, known as Docker Desktop.

Docker Desktop

Docker Desktop is an easy-to-use application for your Mac or Windows environment without any hassles. It helps you get up and running in no time to develop and share containerized applications. By default, Docker Desktop includes all the frameworks and libraries (Docker Engine, Docker CLI client, Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper).

One missing piece of the puzzle remains: Wazuh-Manager. What is Wazuh Manager? Let’s get into it.

Wazuh-Manager

As cyber threats increase day by day at the enterprise level, there is a need for a more sophisticated, real-time monitoring and security analysis platform for fast threat detection and prevention.

Wazuh is a free and open source platform used for threat prevention, detection, and incident response. It is an enterprise level security monitoring solution for threat detection, integrity monitoring and compliance checks. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. You can go through Wazuh capabilities for further information. 

The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects and analyzes data gathered by the agents. In addition, Wazuh has been fully integrated with the ELK Stack, providing a search engine and data visualization tool that gives users real-time information and lets them navigate through their security alerts.

Now that we are familiar with Docker Desktop and Wazuh-Manager, let’s dive into the deployment details.

Install Docker Desktop

You can go through Install Docker Desktop on Windows for further information. If you see this error (Docker.ApiServices.WSL2.WslKernelUpdateNotInstalled) after starting Docker Desktop, install the following update package for your machine type.

  • For x64 machines: WSL2 Linux kernel update package for x64 machines

  • For ARM64 machines: ARM64 package

If you’re not sure what kind of machine you have, open Command Prompt or PowerShell and enter: systeminfo | find "System Type"

Deployment

This configuration is provided as-is for testing purposes only. It is designed for maximum ease of use to get you started fast with Wazuh. For real production environments, see Production deployment.

  • Clone the Wazuh repository to your system: git clone https://github.com/wazuh/wazuh-docker.git -b v4.1.5 --depth=1

  • Start Wazuh and Elastic Stack. From the directory where you have the docker-compose.yml file, run: docker-compose up

  • All the required packages will be installed, and after successful installation you can view your containers in the Docker Desktop Containers/Apps section
  • Run the container named wazuh-docker from Docker Desktop

Open your browser and go to https://<your ip-address>, and you will see your container up and running.
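The deployment steps above can also be run as a single PowerShell script that checks each step before moving on. This is an added example, not code from the Wazuh project. It assumes the web interface is published on port 443 (the default for the https:// address above), a 10-minute startup limit, and it starts the stack detached with -d instead of in the foreground.

```powershell
# Added example: the Deployment steps above as one PowerShell script.
$Tag      = 'v4.1.5'                                   # tag cloned in this guide
$RepoUrl  = 'https://github.com/wazuh/wazuh-docker.git'
$RepoDir  = Join-Path $PWD 'wazuh-docker'              # git's default clone directory
$Port     = 443                                        # assumption: default HTTPS port
$TimeoutS = 600                                        # assumption: startup wait limit

function Assert-NativeOk([string]$What) {
    # Native commands do not throw on failure; check the exit code explicitly.
    if ($LASTEXITCODE -ne 0) { throw "$What failed with exit code $LASTEXITCODE" }
}

# 1. Docker Desktop must be running before anything else can work.
docker info | Out-Null
Assert-NativeOk 'docker info'

# 2. Clone the pinned tag (skipped if the directory already exists), then verify it.
if (-not (Test-Path $RepoDir)) {
    git clone $RepoUrl -b $Tag --depth=1 $RepoDir
    Assert-NativeOk 'git clone'
}
$tags = @(git -C $RepoDir tag --points-at HEAD)
Assert-NativeOk 'git tag'
if ($tags -notcontains $Tag) { throw "$RepoDir is not checked out at $Tag" }

# 3. Start the stack detached and list container state and published ports.
Push-Location $RepoDir
try {
    docker-compose up -d
    Assert-NativeOk 'docker-compose up'
    docker-compose ps
} finally {
    Pop-Location
}

# 4. Wait until the HTTPS port accepts TCP connections.
$deadline = (Get-Date).AddSeconds($TimeoutS)
do {
    $open = (Test-NetConnection -ComputerName '127.0.0.1' -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
    if (-not $open) { Start-Sleep -Seconds 10 }
} until ($open -or (Get-Date) -gt $deadline)

if (-not $open) { throw "Port $Port did not open within $TimeoutS seconds; check 'docker-compose logs'" }
Write-Host "Stack is listening on port $Port; open https://<your ip-address> in the browser."
```

An open port only shows that the listener is up; the web interface can take a little longer to finish starting behind it.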
