
Wazuh Docker Compose (How it Works for Developers)

Organizations in today's rapidly changing digital world face advanced cyberattacks, stringent regulatory compliance requirements, and the demands of monitoring their systems. A modern cybersecurity strategy includes security monitoring, which covers threat detection, such as identifying malicious activities or vulnerabilities, and responding appropriately. It also includes compliance management, which requires adherence to various regulations. Compliance management ensures that industry standards and rules are met, enabling organizations to avoid penalties and give customers or stakeholders confidence in how their operations are controlled.

Organizations need high-quality tools to meet these requirements accurately. One such solution is Wazuh Docker, a containerized implementation of the Wazuh security platform. In this article, we will learn more about Wazuh Docker and how it can be integrated with IronSecureDoc.

What is Wazuh Docker?

Wazuh Docker is a Dockerized deployment of the Wazuh security platform, simplifying and enhancing security monitoring, threat detection, and compliance management implementation. It takes advantage of Docker to containerize components like Wazuh Manager, Elasticsearch, and Kibana, achieving speed for rapid deployment and operational-level automation. This solution provides features such as EDR, log analysis, vulnerability management, and regulatory compliance monitoring, making it an all-around security solution for a modern IT environment.

Its container architecture guarantees compatibility with cloud platforms, on-premises systems, and orchestration tools like Kubernetes, enabling organizations to adapt to diverse infrastructures. With the Wazuh dashboard, businesses can monitor security events in real-time, respond to threats effectively, and maintain compliance with industry standards, all while benefiting from the flexibility and efficiency of containerized deployment.

Features of Wazuh Docker

Containerized Deployment

Wazuh Docker utilizes Docker technology to package all its components such as Wazuh Manager, Elasticsearch, and Kibana into pre-built, ready-to-use containers. This containerized architecture makes it straightforward to deploy Wazuh anywhere, ensuring consistency across environments and reducing the complexity of setting up and maintaining the platform.

Scalability

Wazuh Docker is designed for dynamic environments and allows individual components to scale independently. For example, with an increase in the volume of monitored data, Elasticsearch nodes can be scaled by users to handle the workload and ensure efficient performance in a large-scale deployment.

Portability

The Docker architecture of Wazuh ensures it can be deployed on local machines, cloud services, or container orchestration platforms such as Kubernetes. Its portability ensures compatibility with multiple infrastructures, enabling organizations to adapt it to their unique operational needs.

Management Simplification

Wazuh Docker simplifies component orchestration by leveraging Docker Compose. The otherwise complex task of starting, stopping, and managing the Wazuh stack becomes more straightforward; the administrative burden is lightened, allowing even less expert users to handle tasks with minimal fuss.

Log Analysis

Wazuh Docker aggregates and correlates logs from any source, whether servers, applications, or devices. It aids organizations in detecting and responding to security incidents by offering real-time log correlation.

Threat Detection

Wazuh Docker identifies threats, vulnerabilities, and suspicious activities in monitored endpoints by utilizing built-in rules and customizable configurations. This strengthens an organization’s proactive protection against security risks.

Compliance Monitoring

Wazuh Docker automates checks against industry standards like GDPR, HIPAA, and PCI DSS. It also delivers comprehensive reports, making auditing easier and ensuring an organization's conformity with regulatory standards.

Customizable Rules

Wazuh Docker allows organizations to define custom security rules, enabling threat detection and compliance policies tailored to their specific needs. This flexibility ensures the platform can adapt to unique operational challenges and security goals.

Web-Based Dashboard

Kibana is integrated with Wazuh Docker, providing a powerful web-based dashboard for viewing alerts, logs, and trends. With an intuitive interface, it enables users to analyze data, monitor security events, and create customized views with ease.

Seamless Integration

Wazuh Docker integrates smoothly with third-party tools and cloud services, enabling elaborate workflows and shared data. Thus, interoperability increases its utility as part of a global security system.

Install Wazuh Docker

We can deploy the Wazuh stack, which includes the Wazuh Manager, Elasticsearch, and Kibana, using Docker and Docker Compose. This step-by-step guide will take you through the setup process of running Wazuh manager nodes using Docker.

Clone the Wazuh Docker Repository

First, clone the official Wazuh Docker repository, containing the configuration files and Docker images needed for deployment.

git clone https://github.com/wazuh/wazuh-docker.git
cd wazuh-docker

Wazuh Docker Compose (How it Works for Developers): Figure 2 - Clone Wazuh Docker Repository

This creates a local copy of the repository and changes into its directory.

Configure Docker Compose

The repository has a pre-configured docker-compose.yml that declares the Wazuh, Elasticsearch, and Kibana containers. You can modify this file to fit your needs; you might want to adjust some resource limits or modify the network settings.

Start the Wazuh Stack

Once you have your docker-compose.yml file configured, you can run the Wazuh Docker stack. To start all containers, issue the following command:

docker-compose up -d

Wazuh Docker Compose (How it Works for Developers): Figure 3 - Start Wazuh Stack

You can start either a single-node or a multi-node container stack. This command pulls the required Docker images from Docker Hub if they are not available locally and starts the containers in the background, setting up the Wazuh indexer container and dashboard node.

After the containers start, verify that the Wazuh Docker stack, including the Wazuh indexer nodes, is running by checking the status of the single-node or multi-node containers:

docker ps

Wazuh Docker Compose (How it Works for Developers): Figure 4 - Wazuh Docker Stack

You can then open the Wazuh dashboard node view and log in with the default credentials.

Wazuh Docker Compose (How it Works for Developers): Figure 5 - Wazuh Dashboard
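
Before running the stack beyond a test machine, it helps to review the docker-compose.yml you edited for credentials written inline and for ports published on every interface. The following is an added example, not code from the wazuh-docker repository; the Compose excerpt, variable names and values in it are constructed sample data, and the function name audit_compose is hypothetical.

```python
import re

# Constructed excerpt in Compose syntax; service names, variables and values are
# sample data for this example, not copied from the wazuh-docker repository.
SAMPLE_COMPOSE = """\
services:
  wazuh.manager:
    ports:
      - "1514:1514"
      - "127.0.0.1:55000:55000"
    environment:
      - INDEXER_USERNAME=admin
      - INDEXER_PASSWORD=ChangeMe-constructed
      - API_PASSWORD=${WAZUH_API_PASSWORD}
  wazuh.dashboard:
    ports:
      - "443:5601"
    environment:
      DASHBOARD_PASSWORD: "ChangeMe-constructed"
"""

# NAME=value or NAME: value where NAME looks like a credential
SECRET = re.compile(r"^\s*-?\s*([A-Z0-9_]*(?:PASSWORD|SECRET|TOKEN)[A-Z0-9_]*)\s*[=:]\s*(.*)$")
# [host_ip:]host_port:container_port[/proto] in a "ports:" list
PORT = re.compile(r"^\s*-\s*((?:\d{1,3}\.){3}\d{1,3}:)?(\d+):\d+(?:/\w+)?\s*$")


def audit_compose(text):
    """Return (line_no, kind, detail) for settings to review before 'up -d'."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.replace('"', "").replace("'", "")
        m = SECRET.match(line)
        if m:
            # ${VAR} means the value comes from the environment or an .env file
            if m.group(2).strip() and not m.group(2).strip().startswith("${"):
                findings.append((n, "inline-secret", m.group(1)))
            continue
        m = PORT.match(line)
        if m and m.group(1) is None:
            # No host IP given: Docker publishes the port on every interface
            findings.append((n, "all-interfaces", m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in audit_compose(SAMPLE_COMPOSE):
        print(finding)
```

An "all-interfaces" finding is a prompt to confirm the exposure is intended (agents do need to reach the manager), while an "inline-secret" finding marks a value to replace and move out of the file.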

What is IronSecureDoc?

IronSecureDoc is a document management and security utility tool that provides advanced encryption, complex PDF manipulation, and digital signing. It delivers document confidentiality and integrity to firms and developers through seamless access and thus facilitates easier processing of PDF documents without any direct or indirect dependencies. It can also be referred to as an Aggressive PDF API where developers can create, upload, manipulate, and secure PDF files and documents programmatically.

Wazuh Docker Compose (How it Works for Developers): Figure 6 - IronSecureDoc: The PDF Security and Compliance Server

Moreover, IronPDF is a PDF API that allows PDF creation from various data inputs and the addition or editing of content through parameters such as text, images, and metadata. This includes merging several PDFs to create composed files, splitting documents, and adding comments, highlights, or watermarks for annotations.

It provides password protection, AES encryption, and certificate-based access controls via the Wazuh certs gen tool to lock all sensitive information and data. Additionally, it enables digital signing to authenticate documents and ensure non-repudiation—an important feature in financial, medical, and legal industries. Its audit trail functionality allows monitoring of all document activities for enhanced compliance and accountability.

Install and Run IronSecureDoc

Pull the IronSecureDoc Docker image from the following repository by running this command in Command Prompt or an open terminal window:

docker pull ironsoftwareofficial/ironsecuredoc

Wazuh Docker Compose (How it Works for Developers): Figure 7 - Pull IronSecureDoc Docker Image

Run the Docker container with the following command:

docker container run --rm -p 8080:8080 -e IronSecureDoc_LicenseKey=<IRONSECUREDOC_LICENSE_KEY> -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

This command will start a container instance of IronSecureDoc. You can then access IronSecureDoc at the URL "http://localhost:8080/swagger/index.html" as shown in the page below.

Wazuh Docker Compose (How it Works for Developers): Figure 8 - REST API

Integrating IronSecureDoc with Wazuh

Integrating IronSecureDoc with Wazuh strengthens overall security posture, combining document security monitoring with robust threat detection and compliance management capabilities. As a result, you can monitor document-related activities, establish anomaly detection rules for document handling, and enforce compliance rules. Here’s how to integrate IronSecureDoc with a Wazuh manager in your deployment.

Set Up Log Monitoring

Log monitoring involves the configuration of the system to collect and analyze log data from various sources. This process helps identify anomalies and reveals potential threats while ensuring compliance. First, identify the log files or directories you want to monitor, such as an application log, system log, or any third-party tool log like IronSecureDoc.

<localfile>
  <log_format>syslog</log_format>
  <location>/path/to/ironsecuredoc/logs</location>
</localfile>

Next, edit the Wazuh configuration file, ossec.conf, on the Wazuh agent or manager nodes. Add a <localfile> entry for the log source. Define the log format, such as syslog, and specify the file path or location where the logs are stored. After editing, restart the Wazuh agent or manager to apply the changes. Wazuh will then monitor the logs, correlating events with its built-in rules or user-defined ones and sending alerts for suspicious activities or compliance violations.

Restart the Wazuh agent to apply the changes:

systemctl restart wazuh-agent

This setup ensures that Wazuh captures and processes all relevant log events. Below is a screenshot of the Wazuh manager and a log of the activity it captured, including IronSecureDoc.

Wazuh Docker Compose (How it Works for Developers): Figure 9 - Wazuh Agent

Integrate IronSecureDoc's API

For advanced integration, use the IronSecureDoc API (if accessible) to pull document-level security events into Wazuh. Write a custom script to retrieve those events and submit them to Wazuh. Here is a sample Python implementation:

import requests

# API URLs for interaction
iron_api_url = "http://localhost:8080/v1/document-services/ping"
wazuh_api_url = "http://wazuh-manager:55000/alerts"

# API authentication headers (placeholders). Use a separate credential for each
# service so the IronSecureDoc key is never sent to Wazuh, or the reverse.
iron_headers = {'Authorization': 'Bearer YOUR_IRONSECUREDOC_API_KEY'}
wazuh_headers = {'Authorization': 'Bearer YOUR_WAZUH_API_KEY'}

# Fetch events from IronSecureDoc; fail loudly on timeouts and HTTP errors
response = requests.get(iron_api_url, headers=iron_headers, timeout=10)
response.raise_for_status()
events = response.json()

# Accept a single JSON object as well as a list of events
if isinstance(events, dict):
    events = [events]

# Forward events to Wazuh
for event in events:
    alert = {
        "rule": {
            "id": 100002,
            "level": 5,
            "description": event.get("description", "IronSecureDoc event")
        },
        "data": event
    }
    result = requests.post(wazuh_api_url, json=alert, headers=wazuh_headers, timeout=10)
    # Stop instead of silently dropping an event Wazuh did not accept
    result.raise_for_status()

Run this script periodically (e.g., as a cron job) to keep Wazuh updated with the latest document security events. The script uses standard HTTP requests to communicate with the IronSecureDoc API and sends corresponding alerts to Wazuh. To learn more about the Wazuh API, refer to the API documentation page.

Wazuh Docker Compose (How it Works for Developers): Figure 10 - Wazuh Script
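
A script that runs from cron will see the same events on every run unless it remembers what it already sent. The following added example (not code from IronSecureDoc or Wazuh) ties the log-monitoring and API sections together: it writes each unseen event as one JSON line to a file that a <localfile> entry with log_format json can monitor. The event fields, file names and the "source" and "event_id" keys are assumptions made for the example.

```python
import hashlib
import json
import os
import tempfile


def event_id(event):
    """Stable fingerprint so a cron rerun does not forward the same event twice."""
    canonical = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def forward_new(events, log_path, state_path):
    """Append unseen events to log_path, one JSON object per line; return the count."""
    seen = set()
    if os.path.exists(state_path):
        with open(state_path, encoding="utf-8") as fh:
            seen = {line.strip() for line in fh if line.strip()}
    written = 0
    with open(log_path, "a", encoding="utf-8") as log, \
         open(state_path, "a", encoding="utf-8") as state:
        for event in events:
            if not isinstance(event, dict):
                continue  # skip anything that is not a JSON object
            eid = event_id(event)
            if eid in seen:
                continue
            # json.dumps escapes embedded newlines, so a file or user name taken
            # from a document cannot inject an extra line into the monitored log.
            record = {"source": "ironsecuredoc", "event_id": eid, "event": event}
            log.write(json.dumps(record, sort_keys=True) + "\n")
            state.write(eid + "\n")
            seen.add(eid)
            written += 1
    return written


def demo():
    # Constructed sample events; the page does not show the real event schema.
    batch1 = [{"action": "decrypt", "user": "alice", "file": "q3.pdf\nfake line"},
              {"action": "sign", "user": "bob", "file": "contract.pdf"}]
    batch2 = batch1 + [{"action": "decrypt", "user": "carol", "file": "hr.pdf"}]
    with tempfile.TemporaryDirectory() as tmp:
        log_path = os.path.join(tmp, "ironsecuredoc.json")
        state_path = os.path.join(tmp, "seen.txt")
        first = forward_new(batch1, log_path, state_path)
        second = forward_new(batch2, log_path, state_path)
        with open(log_path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
    return first, second, lines


if __name__ == "__main__":
    print(demo())
```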

Conclusion

The integration of Wazuh with IronSecureDoc provides a powerful security solution that combines real-time threat detection with advanced document protection. Wazuh analyzes, monitors, and alerts system and application events, complementing IronSecureDoc features such as encryption, signature validation, and compliance capabilities. Together, they offer in-depth visibility into securing documents, detecting unauthorized access, and enforcing compliance with organizational and regulatory standards.

Through centralized monitoring using Wazuh and document security-specific features with IronSecureDoc, organizations can secure sensitive information, simplify compliance processes, and proactively respond to evolving security threats. This integration enhances an overall security posture while giving businesses a better offensive position in their approach to changing cybersecurity threats.

With the help of the IronSecureDoc REST API, secure document handling and PDF management are easily incorporated into applications developed by web, mobile, and enterprise systems developers. To learn more about the licensing of IronSecureDoc, visit the licensing page. For information on Iron Software products, follow the library suite page.

Frequently Asked Questions

How can I deploy a security platform using Docker?

You can deploy a security platform using Docker with Wazuh Docker, which containerizes components such as the Wazuh Manager, Elasticsearch, and Kibana. This Dockerized deployment simplifies security monitoring and automates the management of threat detection and compliance.

What are the benefits of using Docker for security monitoring?

Using Docker for security monitoring, as seen with Wazuh Docker, offers benefits such as rapid deployment, scalability, portability, and seamless integration with cloud platforms and orchestration tools like Kubernetes, which improve the efficiency of threat detection and compliance management.

How do I set up a security stack with Docker Compose?

To set up a security stack with Docker Compose, you need to clone the Wazuh Docker repository, configure Docker Compose, and then start the Wazuh stack. This process allows a simplified deployment of the required components in a containerized environment.

How does integrating a document security tool with a security platform improve security?

Integrating a document security tool like IronSecureDoc with a security platform like Wazuh improves security by enabling document security monitoring and anomaly detection, and by making compliance enforcement easier through API integration.

What role does a web-based dashboard play in a security platform?

A web-based dashboard, provided by tools like Kibana in the Wazuh Docker setup, plays a crucial role in visualizing security data, allowing users to monitor threats, compliance status, and log analysis in real time, thereby improving situational awareness and responsiveness.

What is the importance of customizable security rules in a Dockerized security platform?

Customizable security rules in a Dockerized security platform, such as those in Wazuh Docker, allow organizations to tailor threat detection and compliance checks to their specific needs, improving the accuracy and effectiveness of security measures.

How can I automate compliance monitoring using a Dockerized solution?

You can automate compliance monitoring using a Dockerized solution like Wazuh Docker, which checks against industry standards such as GDPR, HIPAA, and PCI DSS. It automates the generation of comprehensive reports to ensure regulatory compliance.

What steps are involved in integrating document security monitoring with a security platform?

Integrating document security monitoring with a security platform involves using the IronSecureDoc API to send document security events to Wazuh. This integration helps combine document protection with comprehensive threat detection capabilities.

How does Docker Compose simplify the management of a security platform?

Docker Compose simplifies the management of a security platform like Wazuh Docker by automating the orchestration of its components, reducing complexity and making it easier to start, stop, and manage the whole stack efficiently.

How does Wazuh Docker support threat detection?

Wazuh Docker supports threat detection through features such as real-time log analysis, built-in rules, and customizable configurations that identify threats and vulnerabilities, thereby improving an organization's proactive security measures.

Curtis Chau
Technical Writer

Curtis Chau holds a bachelor's degree in Computer Science (Carleton University) and specializes in front-end development, with experience in Node.js, TypeScript, JavaScript, and React. Passionate about creating intuitive and aesthetically pleasing user interfaces, he enjoys working with modern frameworks and creating manuals that are well ...