Wazuh (GPLv2), the open-source SIEM and XDR security platform, on Ubuntu 24.04 LTS by cloudimg. The all-in-one stack - Wazuh indexer, manager and dashboard - for threat detection, log analysis, file integrity and compliance, with a per-VM admin password on first boot and data on a dedicated Azure disk. 24/7 cloudimg support.
## Wazuh on Ubuntu 24.04 LTS by cloudimg
Wazuh is an open-source SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) platform for threat detection, log data analysis, file integrity monitoring, vulnerability detection and regulatory compliance. This cloudimg image installs the all-in-one Wazuh stack - the Wazuh indexer (OpenSearch-based), the Wazuh manager and the Wazuh dashboard - on Ubuntu 24.04 LTS, stores its data on a dedicated Azure data disk, and rotates the admin password to a unique per-VM value on the first boot of every VM. Backed by 24/7 expert support.
SIEM / XDR
Threat detection, log analysis, file integrity monitoring, vulnerability detection and compliance reporting. Wazuh agents (Linux, Windows, macOS) connect to the manager on ports 1514/1515 and stream security telemetry to the indexer and dashboard.
All-in-One Stack
The Wazuh indexer (the OpenSearch-based search/storage engine), the Wazuh manager (the analysis engine + filebeat), and the Wazuh dashboard (the web UI on HTTPS 443) - all on one VM.
Dedicated Data Disk
The indexer data and the manager state live on a dedicated, independently resizable Azure data disk mounted at /var/lib/wazuh, separate from the OS disk and re-provisioned with every VM.
Secure First Boot
The admin password is rotated to a unique per-VM value on the first boot of every VM, across the indexer, dashboard and filebeat, and written to a root-only file. No shared default credential ships in the image.
Why Choose cloudimg?
* 24/7 Expert Support with guaranteed 24 hour response. Contact support@cloudimg.co.uk
* Production Ready from Launch Pre configured, security patched, and validated before publication
* Azure Native Integration Built with Azure Linux Agent, cloud init, and Gen2 Hyper V
What is Included
* The all-in-one Wazuh stack: indexer, manager and dashboard
* The dashboard on HTTPS port 443, plus an unauthenticated /health endpoint on port 80 for probes
* A unique per-VM admin password rotated on first boot in a root-only file
* A dedicated Azure data disk at /var/lib/wazuh for indexer and manager data
* wazuh-indexer, wazuh-manager and wazuh-dashboard as systemd units
Networking
Open port 443 (the dashboard) and ports 1514/1515 (Wazuh agents) in your NSG, restricted to trusted networks. The image ships self-signed certificates; replace them with a trusted certificate for production.
Use Cases
Self-hosted SIEM and XDR, threat detection and incident response, file integrity and compliance monitoring (PCI DSS, GDPR, HIPAA), and an open-source alternative to commercial SIEM platforms.
Visit www.cloudimg.co.uk/guides/wazuh-on-ubuntu-24-04-azure for the full user guide.
Wazuh is a trademark of Wazuh Inc. cloudimg is not affiliated with or endorsed by Wazuh Inc. All trademarks are the property of their respective holders.