// the find
wazuh/wazuh-docker
Wazuh - Docker containers
Official Docker deployment for the Wazuh SIEM/XDR platform — manager, OpenSearch indexer, and dashboard in compose files for single-node and multi-node setups. It's for security teams or homelab users who want to run Wazuh without touching bare-metal installation. The platform itself handles IDS, file integrity monitoring, vulnerability detection, and compliance reporting.
The single-node vs multi-node split is clean — you pick the right compose file and go, no flag soup. Certificate generation and security admin bootstrapping are scripted out of the box, which removes the most painful part of standing up an Elasticsearch-derived stack. The multi-node setup includes Nginx as a load balancer in the compose file, so you're not duct-taping that in yourself. The Wazuh team maintains it actively, with CI workflows testing integration on each push.
The stack is heavy — OpenSearch plus Wazuh manager plus dashboard means you're looking at 8+ GB RAM minimum in practice, which the docs understate. Upgrades are documented as 'bring down, update images, bring up', with no zero-downtime path for the single-node setup, which is the one most people actually run. The persistent data layout ties volumes tightly to the compose file, so if you want to migrate to Kubernetes later you'll be untangling that manually. The agent Dockerfile uses s6-overlay init, which works but is an obscure dependency that breaks in subtle ways if you try to customize the container.