Wazuh as a Service

Wazuh solution delivered as a service (SAAS)

Wazuh monitoring solution consists of a highly scalable, two-tier architecture to manage and monitor your cloud and on-premises enviroments. The Wazuh agent runs on each monitored system, collecting events and forwarding them to the Wazuh cloud infrastructure composed of analysis servers, which are used to process event data, and an Elastic Stack cluster where information is indexed and stored.

Wazuh agent

The Wazuh agent runs on Windows, Linux, Solaris, BSD, AIX and Mac operating systems. It is used to collect different types of system and application data that it forwards to the Wazuh server through an encrypted and authenticated channel. In order to establish this secure channel, a registration process involving unique pre-shared keys is utilized.

The agents can be used to monitor physical servers, virtual machines and cloud instances (e.g. Amazon AWS, Azure or Google Cloud). Pre-compiled agent installation packages are available for Linux, HP-UX, AIX, Solaris, Windows, and Darwin (Mac OS X).

Wazuh cloud infrastructure

The Wazuh cloud infrastructure is composed of cloud instances used to analyze and index data collected by the agents and to detect intrusion attempts, policy violations, file changes, malware and vulnerabilities. In addition, an Elastic Stack cluster is used to provide a full-text search and analytics engine with a flexible and intuitive web user interface.

As part of our cloud infrastructure, Wazuh provides a single-tenant data store, so your data is completely isolated from other customer’s data. Data is processed through dedicated containers and stored both in an Elastic Stack cluster, where it is available through the user interface, and in a compliance-ready cold storage environment, where it can be readily requested for a date range as needed.

Subscription based model

Wazuh scales with your business needs. You can deploy as many agents as needed to monitor your cloud and on-premises environments. This includes physical servers, endpoints, virtual machines and cloud instances. In addition, network devices and other Syslog sources can also be monitored by having them report events to one of the agent systems or directly to our cloud infrastructure.

Our subscription model is based on the amount of indexed data, with different subscription tiers for all environment sizes, starting at 100GB per month. The service also includes:

• 12 months of cold storage with the option to extend.
• Support and maintenance for deployed agents and SAAS infrastructure.
• Health-checks and tuning performed by our engineers.
• Software and detection ruleset upgrades.
• Compliance mapping for GDPR, PCI DSS and GPG13.
• Integration with threat intelligence sources (Open Threat Exchange).