Determining the access and registration URL for Wazuh agents and Wazuh cluster connections
For all implementations the fully qualified domain name (FQDN) and tenant names will be different. Below is a brief introduction to the naming standard used to determine the correct URLs for the various processes in the setup of, and interaction with, the platform.
The examples below use siem.example.com as the FQDN and tenant1, tenant2 and tenant3 as tenant names, as needed.
Accessing a tenant directly:
In some cases, different tenants have different users assigned to them, and it is preferred that users do not see other tenants or their information. To accomplish this, prefix the FQDN with the tenant name, e.g.:
For tenant1
https://tenant1.siem.example.com
For tenant2
https://tenant2.siem.example.com
For accessing the XDR directly:
Depending on the design of your environment, you may want to point the agents to the central XDR rather than configuring them to connect to the log aggregator. If this is a requirement, prefix the tenant FQDN with wazuh, e.g.:
For tenant1
wazuh.tenant1.siem.example.com
For tenant2
wazuh.tenant2.siem.example.com
Note how the second part of the FQDN changes. This structure holds true throughout the environment regardless of tenant name. For general reference this can be referred to as the XDR FQDN.
For configuring the log aggregator (Hydra):
When you set up the Hydra, one of the items you will require is the XDR cluster FQDN. This allows the remote implementations of the XDR module to run as a distributed cluster which replicates client authentication keys, configurations and parameters for the various sub-components. This will have to be adjusted based on the tenant that you are connecting to. Examples of how to determine this URL:
For tenant1
internal.wazuh.tenant1.siem.example.com
For tenant2
internal.wazuh.tenant2.siem.example.com
The internal prefix indicates that this will use private IP addresses for accessing the Kubernetes services over a VPN tunnel rather than the public-facing Internet.
⚠️ NOTE: If you use the wrong URL, the Wazuh cluster connection will fail, as it won't have the required parameters to connect. If you have the wrong URL and supply it with information for the wrong tenant, you will have client data contamination, which could have a dire effect on data security and compliance. The utmost care has to be taken when configuring the Hydra.
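A pre-flight check for the value entered as the XDR cluster FQDN, added here as an example and not part of the platform's own tooling: it derives the three hostnames from the naming standard above and rejects a hostname that belongs to another tenant or to the wrong endpoint type. The function names are hypothetical, and siem.example.com and the tenant names are the sample values used on this page.

```python
import re

BASE_FQDN = "siem.example.com"  # the page's sample FQDN
RESERVED = {"wazuh", "internal"}  # prefix labels, so never valid tenant names
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

# Prefix labels for each endpoint type in the naming standard above.
ROLE_PREFIX = {
    "tenant": (),                      # <tenant>.<fqdn>
    "xdr": ("wazuh",),                 # wazuh.<tenant>.<fqdn>
    "cluster": ("internal", "wazuh"),  # internal.wazuh.<tenant>.<fqdn>
}

def build_host(role, tenant, base=BASE_FQDN):
    """Derive the hostname for a role ('tenant', 'xdr' or 'cluster')."""
    tenant = tenant.lower()
    if not LABEL.match(tenant) or tenant in RESERVED:
        raise ValueError(f"invalid tenant name: {tenant!r}")
    return ".".join(ROLE_PREFIX[role] + (tenant, base))

def classify_host(host, base=BASE_FQDN):
    """Return (role, tenant) for a hostname that follows the standard."""
    host = host.strip().rstrip(".").lower()
    suffix = "." + base
    if not host.endswith(suffix):
        raise ValueError(f"{host!r} is not under {base}")
    *prefix, tenant = host[: -len(suffix)].split(".")
    for role, expected in ROLE_PREFIX.items():
        if tuple(prefix) == expected and LABEL.match(tenant) and tenant not in RESERVED:
            return role, tenant
    raise ValueError(f"{host!r} does not follow the naming standard")

def check_cluster_fqdn(supplied, expected_tenant, base=BASE_FQDN):
    """Return a list of problems; an empty list means the value is safe to use."""
    try:
        role, tenant = classify_host(supplied, base)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if role != "cluster":
        problems.append(f"expected an internal cluster FQDN, got a {role} hostname")
    if tenant != expected_tenant.lower():
        problems.append(f"hostname is for {tenant}, not {expected_tenant}")
    return problems

if __name__ == "__main__":
    # Constructed input: tenant1's cluster FQDN supplied while configuring tenant2.
    print(check_cluster_fqdn("internal.wazuh.tenant1.siem.example.com", "tenant2"))
    print(build_host("cluster", "tenant2"))
```

Running the check before the Hydra configuration is written catches a copied hostname from another tenant, which would otherwise resolve and connect without any error.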
