Wazuh Server
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| 4.11/stable | 167 | 07 Jul 2025 | |
| 4.11/edge | 200 | 01 Oct 2025 |
juju deploy wazuh-server --channel 4.11/stable
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
Security in Wazuh charms
This document covers the security aspects of the Wazuh charm itself.
For all use cases and configurations related to the Wazuh product, please refer to the official documentation.
Good practices
Distribute the Certification Authority (CA) to users
The charm deploys Wazuh components with a self-signed-certificate CA.
For users to be able to access Wazuh dashboard without any warning, they must install the CA certificate in their browser:
- Extract the certificate with the
juju run self-signed-certificates/leader get-ca-certificateand save the content to aPEMfile. - Distribute the file to your users.
- Install the certificate in your browser. For Chrome, you should go to “Settings > Privacy and security > Security > Manage certificates > Custom > Installed by you > Trusted Certificates > Import” and import the
PEMfile.
Restrict access
The charm exposes wazuh-dashboard directly to users with a local authentication system. It’s recommended to keep this service private by restricting the access to known users (typically through a VPN).
If you cannot restrict the access through a VPN, it’s recommended to put a web application firewall to restrict who can access the service.
Risks
Wazuh collects logs from different services, and these logs may contain sensitive information.
You should limit who has access to the service (typically to your security team).
You should pay attention to your backups.
Security related how-to guides
The following guides cover security related topics: