Wazuh Docker Compose (How it Works for Developers)

Introduction

Organized companies in today's rapidly changing digital world will be threatened with advanced cyberattacks, stringent regulatory compliance, and monitoring systems. A contemporary strategy added to modern cybersecurity includes the following: new features of security monitoring, which deals with threat detection, such as identifying malicious activities or vulnerability, and corresponds appropriately; another new feature deals with compliance management, which requires compliance with several regulations. Compliance management ensures industries' standards and rules that enable organizations to evade penalties and confidently hand over control of their organization to other customers or stakeholders.

Organizations need high-quality tools to meet these requirements accurately. One great solution is a Wazuh Docker or containerized implementation of the Wazuh security platform. In this article, we will learn more about Wazuh Docker and how it can be integrated with IronSecureDoc.

What is Wazuh Docker?

Wazuh Docker is a Dockerized deployment of the Wazuh security platform, simplifying and enhancing security monitoring, threat detection, and compliance management implementation. It takes advantage of Docker to containerize the primary components of Wazuh Manager, Elasticsearch, and Kibana, achieving speed for easy rapid deployment and operational-level automation. This solution provides features such as EDR, log analysis, vulnerability management, and monitoring of regulatory compliance, making it an all-around security solution for a modern IT environment.

Its container architecture guarantees compatibility with cloud platforms, on-premises systems, and orchestration tools like Kubernetes, making it easy for organizations to adapt it to diverse infrastructures. With the Wazuh dashboard, businesses can monitor security events in real-time, respond to threats effectively, and maintain compliance with industry standards, all while benefiting from the flexibility and efficiency of containerized deployment.

Features of Wazuh Docker

Containerized Deployment

Wazuh Docker uses Docker technology to pack all its components such as Wazuh Manager, Elasticsearch, and Kibana into pre-built, ready-to-use containers. This containerized architecture makes it straightforward to deploy Wazuh anywhere, ensuring consistency across environments and reducing the complexity of setting up and maintaining the platform.

Scalability

Wazuh Docker is designed for dynamic environments and also lets the individual components scale independently. For example, with an increase in the volume of monitored data, Elasticsearch nodes can be scaled by users to handle the workload and ensure efficient performance in a large-scale deployment.

Portability

The Docker architecture of Wazuh is a cloud-based architecture deployable on local machines, cloud services, or container orchestration platforms such as Kubernetes. Its portability ensures compatibility with multi-infrastructures, enabling organizations to adapt it to their unique operational needs.

Management Simplification

Wazuh Docker accomplishes such streamlining of all its component orchestration by leveraging Docker Compose. The otherwise complex task of starting, stopping, and managing the Wazuh stack becomes more straightforward; the administrative burden lightens and lets the users, or even those less expert, take care of things with minimal fuss and strain.

Log Analysis

Wazuh Docker aggregates and correlates logs from any source, whether servers, applications, or devices. It aids organizations in their detection and response to security incidents by offering real-time log correlation.

Threat Detection

Wazuh Docker detects the threats, vulnerabilities, and even suspicious activities being carried out in monitored endpoints due to the aid of built-in rules and customization of configurations. That adds up to strengthening your organization in proactive protection offered for its systems concerning security risks.

Compliance Monitoring

Wazuh Docker automates checks against industry standards like GDPR, HIPAA, and PCI DSS. Wazuh Docker also issues wide-ranging reports which makes auditing easy and keeps an eye on an organization's status of conformity with the regulatory standards.

Customizable Rules

Wazuh Docker provides custom security rules, an ability where the organization can have its threat detection and compliance policies according to the needs of an organization. Such flexibility ensures the platform will have to adapt to unique operational challenges and security goals.

Web-Based Dashboard

Kibana is integrated with Wazuh Docker. The web-based dashboard for viewing alerts, logs, and trends is highly powerful. With an intuitive interface, it enables users to analyze data, monitor security events, and create customized views with ease.

Seamless Integration

Wazuh Docker integrates easily and smoothly with all third-party tools and cloud services, enabling elaborate workflows and shared data. Thus, interoperability increases its use as part of a more global security system.

Install Wazuh Docker

We can deploy the Wazuh stack which includes the Wazuh Manager, Elasticsearch, and Kibana using Docker and Docker Compose. This step-by-step guide will take you through the setup process of running two Wazuh manager nodes Docker.

Clone the Wazuh Docker Repository

First, clone the official Wazuh Docker repository, containing the configuration files and the Docker images needed for deployment.

git clone https://github.com/wazuh/wazuh-docker.git
cd wazuh-docker

git clone https://github.com/wazuh/wazuh-docker.git
cd wazuh-docker

By doing this, a local copy of the repository is created, changing the directory.

Configure Docker Compose

The repository has a pre-configured docker-compose.yml that declares the Wazuh, Elasticsearch, and Kibana containers. You can modify this file to fit your needs; you might want to adjust some resource limits or modify the network settings.

Start the Wazuh Stack

Once you have your docker-compose.yml file configured, you can run the Wazuh Docker stack. To get all the containers running, issue the following command:

docker-compose up -d

docker-compose up -d

You have the choice to start a single or multi-node container. This command will pull the required Docker images from Docker Hub if they are not already available locally and start the containers in the background, which installs the Wazuh indexer container and dashboard node.

After the containers start, you can verify that the Wazuh Docker stack with the Wazuh indexer nodes is running by checking the status of the single or multi-node containers:

docker ps

docker ps

Also, you can check the Wazuh dashboard node view. We can log in with the default credentials.

What is IronSecureDoc?

IronSecureDoc is a document management and security utility tool that uses advanced encryption, complex PDF manipulation, and digital signing. It delivers document confidentiality and integrity to firms and developers through seamless access and thus facilitates easier processing of PDF documents without any direct or indirect dependencies. It can also be termed as an Aggressive PDF API in those cases where the features allow the developers to create, upload, manipulate, and secure PDF files and documents programmatically.

More, IronPDF is a PDF API that allows the creation of a PDF from any kind of data input and adding or editing content through parameters such as text, images, and metadata. This includes merging several PDFs to make composed files, splitting documents, and even comments, highlights, or watermarks for annotations.

It provides password protection, AES encryption, and certificate-based access controls through Wazuh certs gen tool that lock all your sensitive information and data. Apart from this, it enables digital signing to authenticate your documents and nonrepudiation-a very important feature in financial, medical, and legal industries. Its audit trail functionality allows monitoring of all the activities executed on the documents for more compliance and accountability.

Install and Run IronSecureDoc

Pull the Docker image of IronSecureDoc using the command in the Command Prompt or an open terminal window based on the following repository.

docker pull ironsoftwareofficial/ironsecuredoc

docker pull ironsoftwareofficial/ironsecuredoc

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

The Docker run command above will start a container instance of the IronSecureDoc. Now you can access the IronSecureDoc on the port "http://localhost:8080/swagger/index.html" like the below page.

Integrating IronSecureDoc with Wazuh

The integration with Wazuh will strengthen the overall security posture and combine document security monitoring with the most robust threat detection and compliance management capabilities. As a result of this integration, you can closely monitor activities related to documents, establish anomaly detection rules for document-related handling, or enforce compliance rules. Here's how you do it and which considerations apply while adding IronSecureDoc to one Wazuh manager in your deployment.

Set Up Log Monitoring

This involves the configuration of the system for the collection and analysis of log data coming from various sources, which is what log monitoring is all about. This process helps identify anomalies and reveals potential threats while ensuring compliance. First, identify which log files or directories you want to monitor: this could be an application log, a system log, or any third-party tool log, like IronSecureDoc.

<localfile>
  <log_format>syslog</log_format>
  <location>/path/to/ironsecuredoc/logs</location>
</localfile>

<localfile>
  <log_format>syslog</log_format>
  <location>/path/to/ironsecuredoc/logs</location>
</localfile>

The next step is to edit the Wazuh configuration file, ossec.conf, on the Wazuh agent or Wazuh manager nodes. Add a <localfile> entry for the log source. Define the log format, for example, syslog, and the file path or location where the logs are stored. After that, restart the Wazuh agent or manager to apply the changes. Wazuh will then monitor the given logs correlating events with its built-in rules or those you define. It sends alerts for suspicious activities or compliance violations.

Restart the Wazuh agent to apply the changes.

systemctl restart wazuh-agent

systemctl restart wazuh-agent

'INSTANT VB TODO TASK: The following line uses invalid syntax:
'systemctl restart wazuh-agent

This setup ensures that Wazuh captures and processes all relevant log events. Below is a screenshot captured by the Wazuh manager and a log of the Activity including IronSecureDoc.

Integrate IronSecureDoc's API

To include advanced integration, use the IronSecureDoc API (if it is accessible) to have the Wazuh repository pull security events on a document level. Write a custom script or program to retrieve those events and submit them to Wazuh. Here is a sample Python implementation below:

import requests
# API URLs for check
iron_api_url = "http://localhost:8080/v1/document-services/ping"
#wazuh api requests url
wazuh_api_url = "http://wazuh-manager:55000/alerts"
# API authentication if required
headers = {'Authorization': 'Bearer YOUR_API_KEY'}
# Fetch events from IronSecureDoc
response = requests.get(iron_api_url, headers=headers)
events = response.json()
# Forward events to Wazuh
for event in events:
    alert = {
        "rule": {
            "id": 100002,
            "level": 5,
            "description": event.get("description", "IronSecureDoc event")
        },
        "data": event
    }
    requests.post(wazuh_api_url, json=alert, headers=headers)

py

Run this script periodically (e.g. as a cron job) to keep Wazuh updated with the latest document security events. Here we are using normal request to check the API. The above code will also trigger the alert request to the Wazuh. To know more about the Wazuh API documentation refer to API page.

Conclusion

The integration of Wazuh with IronSecureDoc gives a powerful security solution that couples real-time detection of threats with advanced protection for documents. Wazuh analyzes, monitors, and alerts system and application events, which are achieved together with what IronSecureDoc has on encryption, signature validation, and compliance capabilities. Together, they offer far more in-depth visibility into the activities associated with securing documents, detecting unauthorized access, and enforcing compliance with organizational and regulatory standards.

Through centralized monitoring using Wazuh and document security-specific features with IronSecureDoc, organizations can secure sensitive information, simplify compliance processes, and proactively be prepared in response to evolving security threats. Of course, the integration then enhances an overall security posture while giving businesses a better offensive position in their responses to changing cybersecurity threats.

With the help of the IronSecureDoc REST API, safe printing and effective PDF format handling are now easily incorporated into applications created by web, mobile, and corporate systems developers. To know more about the license of IronSecureDoc, visit the licensing page. For information on the products of Iron Software, follow the library suite page.