What is Wazuh?
Wazuh is a free and open-source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments.
Wazuh helps organizations and individuals protect their data assets against security threats. It is widely used by thousands of organizations worldwide, ranging from small businesses to large enterprises.
The solution is composed of a single universal agent and three central components:
- Wazuh Server
- Wazuh Indexer
- Wazuh Dashboard
The Wazuh indexer is a highly scalable full-text search and analysis engine. It is responsible for indexing and storing alerts generated by the Wazuh server.
It can be installed as a single-node or multi-node cluster, depending on the environment needs.
The server manages the agents, configuring and updating them remotely when necessary.
This component analyzes the data received from the agents, processing it through decoder and rules and using threat intelligence to look for indicators of compromise.
A flexible and intuitive web interface for data mining, analysis, and visualization. The dashboard is used to manage the Wazuh configuration and monitor its status.