In Part 1, we covered the basics of Docker and Wazuh and explained how they work together.
In this part, we’ll move from theory to practice and deploy a fully working Wazuh environment using Docker.

This setup is ideal for:

  • Testing and learning

  • Home labs

  • Small to medium monitoring environments

Prerequisites Recap

Before we begin, make sure you have:

  • Docker installed

  • Docker Compose installed

  • At least 4 GB RAM available

  • Terminal access (Linux / macOS / WSL recommended)

You can verify Docker with:

docker --version
docker-compose --version

Step 1: Get the Official Wazuh Docker Repository

Wazuh provides an official Docker repository that includes preconfigured environments.

git clone https://github.com/wazuh/wazuh-docker.git
cd wazuh-docker/single-node

The single-node deployment is perfect for getting started and includes:

  • Wazuh Manager

  • Elasticsearch

  • Filebeat

  • Wazuh Dashboard

Step 2: Review the Docker Compose Configuration

Open the docker-compose.yml file:

nano docker-compose.yml

At this stage, you usually don’t need to change anything, but it’s good to understand:

  • Which containers will run

  • Which ports are exposed

  • How services communicate internally

Tip: For production environments, memory limits and security hardening should be adjusted.

Step 3: Start the Wazuh Stack

Launch all services using Docker Compose:

docker-compose up -d

This will:

  • Pull the required images

  • Create the containers

  • Start the entire Wazuh stack

The first startup may take a few minutes.

Check container status:

docker ps

You should see all Wazuh-related containers running.

Step 4: Access the Wazuh Dashboard

Once everything is up, open your browser and navigate to:

https://localhost or https://your-server-ip

Default Credentials:

  • Username: admin

  • Password: admin

Important: Change the default credentials immediately after your first login.

What You Should See

Inside the Wazuh Dashboard, you’ll find:

  • Security alerts

  • System and agent status

  • Compliance and vulnerability data

  • File integrity monitoring results

At this point, Wazuh is fully operational – even without agents.

Security Note

This Docker setup is intended for:

  • Learning

  • Testing

  • Internal monitoring

For production use, you should:

  • Enable TLS hardening

  • Change default passwords

  • Restrict exposed ports

  • Consider a multi-node deployment
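
One way to see which published ports would need restricting, as an added example that is not part of the original post or the Wazuh repository: the hypothetical helper list_public_ports reads a Compose file and prints every port mapping that is not bound to a loopback address. The sample file is constructed for the illustration, and the parser assumes short-syntax port entries with two-space indentation.

```shell
# Added example: report Compose port mappings that are published on every
# host interface. Assumes short-syntax entries ("443:5601",
# "127.0.0.1:9200:9200") and two-space indentation, as in the sample below.

list_public_ports() {
    awk -v sq="'" '
        /^services:/ { in_services = 1; next }
        /^[^ #]/     { in_services = 0 }            # any other top-level key
        !in_services { next }
        /^  [A-Za-z0-9._-]+:[ \t]*$/ {              # service name, 2-space indent
            svc = $1; sub(/:$/, "", svc); in_ports = 0; next
        }
        /^    ports:[ \t]*$/ { in_ports = 1; next }
        /^    [A-Za-z_]+:/   { in_ports = 0; next } # sibling key ends the list
        in_ports && /^ *- / {
            spec = $0
            sub(/^ *- */, "", spec)
            sub(/[ \t]+#.*$/, "", spec)             # drop trailing comment
            gsub("[\"" sq " \t]", "", spec)         # drop quotes and blanks
            # Loopback-bound mappings are not reachable from the network.
            if (spec ~ /^127\./ || spec ~ /^\[::1\]/) next
            print svc, spec
        }
    ' "$1"
}

# Constructed sample, not the repository docker-compose.yml.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
services:
  manager:
    image: example/manager
    ports:
      - "1514:1514"
      - "514:514/udp"
  elasticsearch:
    ports:
      - "127.0.0.1:9200:9200"   # loopback only
  dashboard:
    ports:
      - 443:5601
    depends_on:
      - manager
volumes:
  data:
EOF

list_public_ports "$SAMPLE"
```

To audit the real deployment, call list_public_ports docker-compose.yml from the single-node directory; prefixing a mapping with 127.0.0.1: keeps that port off the network.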

Conclusion

You now have a working Wazuh SIEM environment running on Docker. This setup provides a fast and flexible way to explore security monitoring, log analysis, and threat detection without complex manual installation.

What’s Next? (Part 3 Preview)

In Part 3, we’ll cover:

  • Adding Wazuh agents

  • Monitoring real systems

  • Basic alerting and rule tuning

  • Common troubleshooting tips
