Wazuh as a Service

Wazuh solution delivered as a service (SaaS)

The Wazuh monitoring solution consists of a highly scalable, two-tier architecture to manage and monitor your cloud and on-premises security. The Wazuh agent runs on each monitored system, collecting events and forwarding them to the Wazuh cloud infrastructure. That infrastructure is composed of analysis servers, which process event data, and an Elastic Stack cluster, where information is indexed and stored.

Wazuh agent

The Wazuh agent runs on Windows, Linux, Solaris, BSD, AIX and Mac operating systems. It collects different types of system and application data and forwards them to the Wazuh server through an encrypted and authenticated channel. To establish this secure channel, a registration process involving unique pre-shared keys is used.

The agents can be used to monitor physical servers, virtual machines and cloud instances (e.g. Amazon AWS, Azure or Google Cloud). Pre-compiled agent installation packages are available for Linux, HP-UX, AIX, Solaris, Windows, and Darwin (Mac OS X).

A group of Wazuh agents reporting to a manager

Wazuh cloud infrastructure

The Wazuh cloud infrastructure is composed of cloud instances that analyze and index the data collected by the agents, detecting intrusion attempts, policy violations, file changes, malware and vulnerabilities. In addition, an Elastic Stack cluster provides a full-text search and analytics engine, with a flexible and intuitive web user interface.

As part of our cloud infrastructure, Wazuh provides a single-tenant data store, so your data is completely isolated from other customers' data. Data is processed through dedicated containers and stored both in an Elastic Stack cluster, where it is available through the user interface, and in a compliance-ready cold storage environment, where it can be readily requested for a date range as needed.

Monitoring of cloud and on-premises environments using Wazuh as a service

Subscription-based model

Wazuh scales with your business needs. You can deploy as many agents as needed, monitoring your cloud and on-premises environments. This includes physical servers, endpoints, virtual machines and cloud instances. In addition, network devices and other Syslog sources can be monitored by having them report events to one of the agent systems or directly to our cloud infrastructure.

Our subscription model is based on indexed data per month, with different subscription tiers for all environment sizes, starting at 250GB per month. The service also includes:

  • 12 months of cold storage, with the ability to extend it.
  • Support and maintenance for deployed agents and SaaS infrastructure.
  • Monthly health-checks and tuning, done by our engineers.
  • Software and detection ruleset upgrades.
  • Compliance mapping for GDPR, PCI DSS and GPG13.
  • Integration with threat intelligence sources (Open Threat Exchange).