Wazuh Server Deployment: A Comprehensive Report
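This article explains how to install the Wazuh security monitoring platform in a virtualized environment from an OVA file, and walks through the steps from downloading the OVA file to configuring the virtual machine, installing the agent, and generating the authentication key. The end result is an activated Wazuh agent with log monitoring. 2025-6-11 07:21:26 Author: infosecwriteups.com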

Wazuh is an open-source security monitoring platform used for threat detection, integrity monitoring, and compliance. Installing Wazuh as an OVA (Open Virtual Appliance) provides a convenient way to set up the Wazuh environment within a virtualized environment. Here’s a brief guide on how to install Wazuh as an OVA:

1. Download the OVA file: Begin by downloading the Wazuh OVA file from the official Wazuh website or repository. Ensure that you select the appropriate version of the OVA file compatible with your virtualization platform.

2. Import the OVA file: Open your virtualization platform (such as VMware, VirtualBox, or others) and import the downloaded OVA file. This process typically involves selecting “Import Appliance” or a similar option and choosing the OVA file from your local storage.

3. Configure virtual machine settings: After importing the OVA file, you may need to configure settings such as CPU, memory, network adapter, and disk size for the Wazuh virtual machine. Ensure that the settings meet the requirements specified by Wazuh for optimal performance.

4. Start the virtual machine: Once the settings are configured, start the virtual machine. The Wazuh virtual appliance will boot up, and you will be prompted to log in.

5. Access the Wazuh web interface: Once the setup is complete, you can access the Wazuh web interface using a web browser. Enter the IP address or hostname of the Wazuh virtual machine in the browser address bar to access the interface. From here, you can manage security alerts, view dashboards, and configure monitoring policies.

Step 1: Downloading the Wazuh OVA file

Link: https://documentation.wazuh.com/current/deployment-options/virtual-machine/virtual-machine.html
Read the hardware requirements for Wazuh installation.

Here is the downloaded Wazuh-4.7.3.ova file

Logging into VMware ESXi

Here, I will select the file type I already downloaded (OVA file)

I named the virtual machine as wazuh-server and dragged the OVA file

After the deployment, finish the process.

Step 2: Installing Wazuh Agent

Link: https://documentation.wazuh.com/current/installation-guide/wazuh-agent/wazuh-agent-package-windows.html

After installing and running the Wazuh agent, it appears like this:

Step 3: Authentication key

After giving it the Manager IP, we need to add an authentication key; for that, we used the MobaXterm terminal. Logging into Wazuh:

Using the /var/ossec/bin/manage_agents command to add the agent:

The agent has been added as Remote_PC with an ID 001, and after entering the ID we will get our Authentication key.

The Authentication key is as follows:

After adding the authentication key, I restarted the Wazuh agent and refreshed the browser. The agent now appears as active and has begun to load logs onto the dashboard.
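The key copied from the manager to the agent in Step 3 can be checked before it is imported. The script below is an added example, not part of the original article: it assumes the exported key is the base64 encoding of the line "ID NAME IP SECRET" with a hexadecimal secret, and the function names and sample secret are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check an exported
# Wazuh agent key before pasting it into the agent.
# Assumption: the exported key is base64 of "ID NAME IP SECRET", hex SECRET.

# check_agent_key EXPORTED_KEY EXPECTED_ID EXPECTED_NAME
# Prints "ID NAME IP" (never the secret). Exit codes: 2 = not base64,
# 3 = malformed fields, 4 = key belongs to a different agent.
check_agent_key() {
    want_id=$2 want_name=$3
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 2
    read -r id name ip secret extra <<EOF
$decoded
EOF
    # Exactly four fields, numeric ID, hex secret.
    [ -n "$secret" ] && [ -z "$extra" ] || return 3
    case $id in ''|*[!0-9]*) return 3 ;; esac
    case $secret in *[!0-9a-fA-F]*) return 3 ;; esac
    # The key must be the one issued for the agent being enrolled.
    [ "$id" = "$want_id" ] && [ "$name" = "$want_name" ] || return 4
    if [ "$ip" = any ]; then
        echo "note: key for agent $id is not bound to a source address (IP 'any')" >&2
    fi
    printf '%s %s %s\n' "$id" "$name" "$ip"
}

# Constructed sample data: a made-up secret encoded the same way, so the
# script runs offline. A real key comes from manage_agents on the manager.
make_sample_key() {
    printf '%s %s %s %s' "$1" "$2" "$3" "$4" | base64 | tr -d '\n'
}
SAMPLE_SECRET=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
SAMPLE_KEY=$(make_sample_key 001 Remote_PC any "$SAMPLE_SECRET")

check_agent_key "$SAMPLE_KEY" 001 Remote_PC
```

The exported key is an encoding of the agent's secret, not a hash of it, so it should be moved between hosts and stored with the same care as a password.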

Below are the logs recorded over the past few seconds:

Currently, only a single agent has been installed, resulting in limited activity on the dashboard. As additional agents are deployed across more systems within the organization, the dashboard will reflect increased activity and provide a more comprehensive overview.

Article source: https://infosecwriteups.com/wazuh-server-deployment-a-comprehensive-report-f98f7964492f?source=rss----7b722bfd1b8d---4