Security Configuration Assessment (SCA)

Wazuh provides a Security Configuration Assessment (SCA) module that performs scans to detect misconfigurations and exposures on monitored endpoints and recommends remediation actions.
We demonstrate how to identify misconfigurations and system hardening settings on Windows, Ubuntu, and macOS endpoints.
Identifying a failed SCA check on the Windows endpoint
- Select Configuration Assessment under Endpoint Security.
- Click Select agent to view the list of monitored endpoints.
- Select the Windows endpoint to view the SCA policy, in our case, CIS Microsoft Windows 11 Enterprise Benchmark v3.0.0.
- Click on any failed SCA check, in our case, the SCA check with ID 26013, to view the remediation recommendations.

Remediation process
- Implement the recommended action on the Windows endpoint to remediate the failed check.
- Restart the Wazuh agent and refresh the Wazuh dashboard.
- Navigate to the Events tab to view the remediation actions carried out.
- Select the remediated entry to view more details. The status has changed from failed to passed.

Identifying a failed SCA check on the Ubuntu endpoint
- Select Configuration Assessment under Endpoint Security.
- Click Select agent to view the list of monitored endpoints.
- Select the Ubuntu 24 endpoint to view the SCA policy, in our case, CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0.
- Click on any failed SCA check, in our case, the SCA check with ID 28590, to view the remediation recommendations.

Remediation process
- Implement the recommended action on the Linux endpoint to remediate the failed check.
- Restart the Wazuh agent and refresh the Wazuh dashboard.
- Navigate to the Events tab to view the remediation actions that were carried out.
- Select the remediated entry to view more details. The status has changed from failed to passed.

Identifying a failed SCA check on the macOS endpoint
- Select Configuration Assessment under Endpoint Security.
- Click Select agent to view the list of monitored endpoints.
- Select the macOS endpoint to view the SCA policy, in our case, CIS_Apple_macOS_15.0_Sequoia_Benchmark_v1.0.0.
- Click on the failed SCA check with ID 35042 to view the remediation recommendations.

Remediation process
- Implement the recommended action on the macOS endpoint to remediate the failed check.
- Restart the macOS endpoint and refresh the Wazuh dashboard.
- Navigate to the Events tab to view the remediation actions that were carried out.
- Select the remediated entry to view more details. The status has changed from failed to passed.
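
The failed-to-passed transition that the Events tab shows can also be confirmed across all three endpoints at once from exported SCA alerts. The script below is an added example, not part of the original page or of Wazuh itself; it assumes alerts are available one JSON object per line with the `data.sca.check.result` and `data.sca.check.previous_result` fields, and the agent names and sample events are constructed (only the check IDs come from this page).

```python
import json

# Constructed sample events shaped like Wazuh SCA alerts, one JSON object per line.
# Agent names are made up; check IDs 26013, 28590 and 35042 are the ones used above.
SAMPLE_ALERTS = """\
{"agent":{"name":"win11"},"data":{"sca":{"type":"check","check":{"id":"26013","result":"failed"}}}}
{"agent":{"name":"win11"},"data":{"sca":{"type":"check","check":{"id":"26013","result":"passed","previous_result":"failed"}}}}
{"agent":{"name":"ubuntu24"},"data":{"sca":{"type":"check","check":{"id":"28590","result":"failed"}}}}
{"agent":{"name":"ubuntu24"},"data":{"sca":{"type":"check","check":{"id":"28590","result":"passed","previous_result":"failed"}}}}
{"agent":{"name":"macos15"},"data":{"sca":{"type":"check","check":{"id":"35042","result":"failed"}}}}
{"agent":{"name":"macos15"},"data":{"sca":{"type":"summary","failed":1}}}
{"agent":{"name":"win11"},"data":{"sca":
"""

def remediation_status(lines):
    """Map (agent, check_id) to its state, taken from the latest event seen.

    Lines are expected in chronological order, so later events overwrite earlier ones.
    """
    latest = {}
    for line in lines:
        try:
            alert = json.loads(line)
            sca = alert["data"]["sca"]
            check = sca["check"]
            key = (alert["agent"]["name"], str(check["id"]))
        except (ValueError, KeyError, TypeError):
            continue  # blank or truncated line, or an event without a check (e.g. a summary)
        if sca.get("type") != "check":
            continue
        result, previous = check.get("result"), check.get("previous_result")
        if result == "passed" and previous == "failed":
            latest[key] = "remediated"      # the change the Events tab should show
        elif result == "failed" and previous == "passed":
            latest[key] = "regressed"       # a hardened setting was undone
        elif result == "failed":
            latest[key] = "still failing"   # no rescan yet, or the fix did not apply
        else:
            latest[key] = result or "unknown"
    return latest

if __name__ == "__main__":
    for (agent, check_id), state in sorted(remediation_status(SAMPLE_ALERTS.splitlines()).items()):
        print(f"{agent:10} check {check_id}: {state}")
```

A check that stays at "still failing" after the fix usually means the agent has not rescanned yet, which is why the procedure restarts the agent before refreshing the dashboard.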
