From ab8872b2b944f980f04e745b032985eb554fde10 Mon Sep 17 00:00:00 2001
From: gitea-admin <admin@local>
Date: Tue, 2 Jun 2026 06:03:45 +0000
Subject: [PATCH] feat: deploy Wazuh SIEM for security monitoring

---
 .../security-monitoring/wazuh-app.yaml        | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 deployments/security-monitoring/wazuh-app.yaml

diff --git a/deployments/security-monitoring/wazuh-app.yaml b/deployments/security-monitoring/wazuh-app.yaml
new file mode 100644
index 0000000..f5dd4b4
--- /dev/null
+++ b/deployments/security-monitoring/wazuh-app.yaml
@@ -0,0 +1,74 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: wazuh
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://wazuh.github.io/wazuh-certified-helm-charts
+    chart: wazuh
+    targetRevision: 0.3.0
+    helm:
+      releaseName: wazuh
+      values: |
+        ## Global settings
+        global:
+          email: "admin@khalisio.com"
+          secretKey: "wazuh-secret-key-change-me"
+          basicAuthentication: true
+          basicAuthenticationPassword: "wazuh"
+          basicAuthenticationToken: ""
+          workerReplicas: 0
+
+        ## Wazuh Manager
+        wazuh.manager:
+          replicas: 1
+          persistence:
+            enabled: true
+            storageClass: longhorn
+            size: 10Gi
+
+        ## Wazuh Dashboard (Kibana with Wazuh plugin)
+        wazuh.dashboard:
+          replicas: 1
+          ingress:
+            enabled: true
+            host: wazuh.khalisio.com
+            annotations:
+              traefik.ingress.kubernetes.io/router.entrypoints: websecure
+              traefik.ingress.kubernetes.io/router.tls: "true"
+              traefik.ingress.kubernetes.io/middlewares: "crowdsec,khalis-authentik"
+            tls: true
+
+        ## Filebeat
+        wazuh.filebeat:
+          replicas: 1
+
+        ## Elasticsearch (Wazuh Certified)
+        wazuh.certified:
+          replicas: 1
+          persistence:
+            enabled: true
+            storageClass: longhorn
+            size: 10Gi
+          resources:
+            requests:
+              cpu: "500m"
+              memory: "1Gi"
+            limits:
+              cpu: "2"
+              memory: "4Gi"
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: wazuh
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true