What is ELK + Wazuh stack
The ELK (Elasticsearch, Logstash, Kibana) + Wazuh stack is built with Docker Compose. It lets you create your own security monitoring server based on Wazuh, with ELK aggregating and analyzing logs from all your systems and apps so that threats are detected in a timely manner and integrity is monitored. You can add as many Wazuh agents as the server resources allow. For better performance, choose a server with at least 4 GB of RAM, 2 CPUs and an SSD disk.
What does ELK + Wazuh stack include
- Nginx
- Kibana
- Elasticsearch
- Logstash
- Wazuh
- Curator
Docker images used:
NGINX versions
https://hub.docker.com/repository/docker/trydirect/nginx
NGINX-WAF versions
https://hub.docker.com/repository/docker/trydirect/nginx-waf
Kibana versions
https://hub.docker.com/r/wazuh/wazuh-kibana
Elasticsearch versions
https://hub.docker.com/r/wazuh/wazuh-elasticsearch
Logstash versions
https://hub.docker.com/r/wazuh/wazuh-logstash
Wazuh versions
https://hub.docker.com/r/wazuh/wazuh
Curator versions
https://hub.docker.com/repository/docker/trydirect/curator
What is ELK + Wazuh
"ELK" is the acronym used to refer to the three open-source projects:
- Elasticsearch is a search and analytics engine designed to store, search, and analyze large volumes of data.
- Logstash is a server-side data processing pipeline that lets you collect data from multiple sources at the same time, transform it on the fly, and send it to the destination you choose, Elasticsearch in this case.
- Kibana is an open-source user interface that lets users visualize Elasticsearch data with intuitive charts and graphs.
Wazuh, in turn, is an open-source security monitoring solution used for data collection, aggregation, indexing, and analysis. It helps institutions detect cyber threats, investigate them, and respond accordingly.
Who is using ELK + Wazuh stack
- Data analysts
- Application developers
- Data protection officers
- Cybersecurity experts
- Web developers
What are the benefits of using ELK + Wazuh stack
- TryDirect takes over the fairly difficult software installation and pre-configuration process
- All the config files on the server are available to you for tuning and reconfiguration
- IT security professionals get a decent starting point
- You can upgrade or downgrade your application to the most recent version in a couple of clicks
- Your app starts up faster and performs better
Number of servers required
Single VPS