diff --git a/extra/wazuh.yml b/extra/wazuh.yml
index d086559..34eb064 100644
--- a/extra/wazuh.yml
+++ b/extra/wazuh.yml
@@ -41,6 +41,8 @@ services:
 - network.host=0.0.0.0
 - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
 - bootstrap.memory_lock=true
+ volumes:
+ - ../../mistborn_volumes/extra/wazuh/init/internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 ulimits:
 memlock:
 soft: -1
@@ -73,9 +75,9 @@ services:
 - ../.envs/.production/.wazuh
 depends_on:
 - wazuh-elasticsearch
- links:
- - wazuh-elasticsearch:elasticsearch
- - wazuh:wazuh
+ #links:
+ # - wazuh-elasticsearch:elasticsearch
+ # - wazuh:wazuh
 volumes:
 ossec_api_configuration:
diff --git a/scripts/services/wazuh/files/internal_users.yml b/scripts/services/wazuh/files/internal_users.yml
new file mode 100644
index 0000000..540eede
--- /dev/null
+++ b/scripts/services/wazuh/files/internal_users.yml
@@ -0,0 +1,17 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+mistborn:
+ hash: "__MISTBORN_HASH__"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Mistborn user"
+
diff --git a/scripts/services/wazuh/init.sh b/scripts/services/wazuh/init.sh
new file mode 100755
index 0000000..3055d87
--- /dev/null
+++ b/scripts/services/wazuh/init.sh
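Review bot: The new `volumes:` entry in the first extra/wazuh.yml hunk (@@ -41,6 +41,8) bind-mounts the host's internal_users.yml read-write into the Elasticsearch security config directory, so a process inside the container could rewrite the host copy of the admin user database; appending `:ro` to the mount closes that. Docker creates a directory at a bind-mount source that does not exist, so this mount also depends on scripts/services/wazuh/init.sh having produced the file before the stack first starts, which is worth stating in a comment above the entry, e.g. `# created by scripts/services/wazuh/init.sh; must exist before first start`. As far as I know the security plugin reads the securityconfig files only when it initialises its index, so an already-initialised data volume would presumably keep its old users until the configuration is reloaded. The service definition starts above the hunk.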
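Review bot: Commenting out `links:` in the second extra/wazuh.yml hunk (@@ -73,9 +75,9) also drops the `elasticsearch` alias for `wazuh-elasticsearch`, while the comment this commit adds to scripts/subinstallers/extra/wazuh.sh records that the kibana-odfe entrypoint defaults to `https://elasticsearch:9200`. Unless that URL is overridden somewhere outside this diff, the service would no longer resolve its backend; either set it to the real service name in the env file (`ELASTICSEARCH_URL=https://wazuh-elasticsearch:9200`, assuming the entrypoint honours an override) or keep the alias. The three commented-out lines should be deleted rather than left in the file, since version control already keeps the old form. The service definition starts above the hunk.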
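Review bot: `reserved: true` on the `mistborn` entry in scripts/services/wazuh/files/internal_users.yml makes the only admin account read-only to the security REST API and Kibana, while init.sh derives its hash from MISTBORN_DEFAULT_PASSWORD. Rotating that password then means editing the mounted file and reloading the security configuration by hand; if rotation from the UI is wanted use `reserved: false`, otherwise describe the rotation procedure in the header comment. The header should also say who fills the placeholder, e.g. `# __MISTBORN_HASH__ is substituted by scripts/services/wazuh/init.sh at install time`.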
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+if [[ -f "/opt/mistborn_volumes/extra/wazuh/init/internal_users.yml" ]]; then
+ echo "internal_users.yml exists. Proceeding."
+ exit 0
+fi
+
+mkdir -p /opt/mistborn_volumes/extra/wazuh/init/ >/dev/null 2>&1
+chmod -R +x /opt/mistborn_volumes/extra/wazuh/init/
+cp /opt/mistborn/scripts/services/wazuh/files/internal_users.yml /opt/mistborn_volumes/extra/wazuh/init/
+
+WAZUH_MISTBORN_HASHED=$(docker run --rm -ti amazon/opendistro-for-elasticsearch:1.12.0 bash /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh -p "${MISTBORN_DEFAULT_PASSWORD}")
+
+sed -i "s/__MISTBORN_HASH__/${WAZUH_MISTBORN_HASHED}/" /opt/mistborn_volumes/extra/guacamole/init/initdb.sql
\ No newline at end of file
diff --git a/scripts/subinstallers/extra/wazuh.sh b/scripts/subinstallers/extra/wazuh.sh
index 952b4ff..049afa0 100755
--- a/scripts/subinstallers/extra/wazuh.sh
+++ b/scripts/subinstallers/extra/wazuh.sh
@@ -4,6 +4,16 @@ WAZUH_PROD_FILE="$1"
 echo "ELASTIC_USERNAME=mistborn" > $WAZUH_PROD_FILE
 echo "ELASTIC_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE
+
 echo "ELASTICSEARCH_USERNAME=mistborn" >> $WAZUH_PROD_FILE
 echo "ELASTICSEARCH_PASSWORD=$MISTBORN_DEFAULT_PASSWORD" >> $WAZUH_PROD_FILE
+
+# kibana odfe
+# kibana-odfe/config/wazuh_app_config.sh
+#WAZUH_API_URL="https://wazuh"
+#API_PORT="55000"
+
+# kibana-odfe/config/entrypoint.sh:
+#ELASTICSEARCH_URL="https://elasticsearch:9200"
+
 chmod 600 $WAZUH_PROD_FILE
\ No newline at end of file
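Review bot: The final `sed` in scripts/services/wazuh/init.sh rewrites /opt/mistborn_volumes/extra/guacamole/init/initdb.sql, not the internal_users.yml it just copied, so the file mounted into Elasticsearch keeps the literal `__MISTBORN_HASH__` and the `mistborn` login cannot validate. Three further problems sit on the same path: `docker run -ti` inside `$(...)` fails without a terminal and otherwise adds carriage returns to the captured value, bcrypt output can contain `/`, which breaks the `s/.../.../` expression, and the early `exit 0` makes a half-finished file from a failed run permanent. The sketch below writes to a temporary file and moves it into place only after a successful substitution. The password is still passed on the docker command line, where it is visible in the host process list while the container runs; a stdin- or environment-based input would avoid that if the hash tool in this image offers one. `chmod -R +x` also marks the credentials file executable, where a directory mode plus a non-executable file mode readable by the container user is what is needed.

```shell
# … unchanged: shebang, existence check, mkdir; chmod as discussed in the note …
WAZUH_USERS_FILE="/opt/mistborn_volumes/extra/wazuh/init/internal_users.yml"
cp /opt/mistborn/scripts/services/wazuh/files/internal_users.yml "${WAZUH_USERS_FILE}.tmp"

# no -t/-i: command substitution has no terminal, and a TTY adds \r to the output
WAZUH_MISTBORN_HASHED=$(docker run --rm amazon/opendistro-for-elasticsearch:1.12.0 \
    bash /usr/share/elasticsearch/plugins/opendistro_security/tools/hash.sh \
    -p "${MISTBORN_DEFAULT_PASSWORD:?MISTBORN_DEFAULT_PASSWORD is not set}") || exit 1

# bcrypt hashes contain '/' and '$'; '|' cannot occur in them
sed -i "s|__MISTBORN_HASH__|${WAZUH_MISTBORN_HASHED}|" "${WAZUH_USERS_FILE}.tmp"
mv "${WAZUH_USERS_FILE}.tmp" "${WAZUH_USERS_FILE}"
```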
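Review bot: The env file written in scripts/subinstallers/extra/wazuh.sh holds both passwords under the default umask until the final `chmod 600` runs, and the comments this hunk adds sit inside that window without addressing it. Restricting the mode before the first write removes the window on a first run: put `umask 077` ahead of the first `echo`, or create the file with `install -m 600 /dev/null "$WAZUH_PROD_FILE"`. `$WAZUH_PROD_FILE` is also unquoted on every line shown, so a path containing spaces would break the redirections. The script starts above the hunk.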