This guide bypasses the generic advice and dives into the methodical, technical steps required to diagnose, fix, and stabilize your Wazuh cluster.

A Python tool and library that parses EVTX files and converts them into JSON formatted logs mimicking Wazuh agent behavior in version 4.x. wazuhevtx is designed as a helper for wazuh-logtest tool.

The article describes how to integrate Wazuh with HPE Aruba ClearPass by forwarding ClearPass logs via syslog to Wazuh for centralized monitoring and analysis.

The article outlines key server‑side configurations for Wazuh, including installing on Ubuntu (recommended: 22.04, minimum 8 GB RAM, 4 vCPUs, 50 GB storage).
It covers setting up log retention policies, installing additional decoders/rules (e.g. from SOC Fortress), and securing the server via firewall rules and system hardening (e.g. using Lynis).
Finally, it cautions about upgrade risks, advising disabling the Wazuh repository before doing a general apt upgrade to avoid breaking Wazuh itself.

It’s time to connect Wazuh to a modern authentication provider. This guide will walk you through integrating Wazuh with Keycloak, a powerful open-source Identity and Access Management (IAM) solution.

The article argues that combining Docker and Terraform enables smooth, repeatable deployment of Wazuh—from quick lab setups to full-scale production environments.
Docker provides portability and ease for bundle-based deployments, while Terraform codifies and automates the underlying infrastructure.
Together, they allow security teams to deploy, scale, tear down, and reproduce Wazuh environments reliably and consistently.

We’ve added two new overview dashboards to CoPilot, powered by Wazuh: the SCA Overview and the Vulnerability Overview. These give you a big-picture view across all your clients, with filters that make it easy to spot your most insecure endpoints in seconds.