One unified platform for complete protection

Wazuh delivers robust security monitoring and protection for your IT assets using its Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities. Wazuh use cases are designed to safeguard your digital assets and enhance your organization's cybersecurity posture.

Use cases

Configuration Assessment

Wazuh monitors system and application configuration settings to ensure they comply with your security policies, standards, and hardening guides. The Wazuh agents perform periodic scans to detect misconfigurations or security gaps in endpoints that threat actors could exploit. You can also customize these configuration checks so that they align with your organization's needs. Security alerts include recommendations for better configuration, references, and mappings to regulatory compliance requirements.

Configuration Assessment dashboard

Malware Detection

Wazuh detects malicious activities and indicators of compromise that occur on endpoints as a result of malware infection or cyberattack. The Wazuh out-of-the-box ruleset and capabilities such as Security Configuration Assessment (SCA), Rootcheck, and File Integrity Monitoring (FIM) help detect malicious activities and anomalies. You can configure and customize these Wazuh capabilities to suit your organization's requirements.

Malware Detection dashboard

File Integrity Monitoring

Wazuh monitors the file system, identifying changes in the content, permissions, ownership, and attributes of files that you need to keep track of. In addition, it natively identifies the users and applications used to create or modify files. You can use the Wazuh File Integrity Monitoring capability in combination with threat intelligence to identify threats or compromised endpoints. FIM also helps meet several regulatory compliance standards, such as PCI DSS, NIST, and others.

File Integrity Monitoring dashboard

Threat Hunting

Wazuh offers comprehensive visibility into monitored endpoints and infrastructure. It provides log retention, indexing, and querying capabilities that help you investigate threats that may have bypassed initial security controls. Threat detection rules are mapped against the MITRE ATT&CK framework to aid in the investigation and referencing of tactics, techniques, and procedures commonly used by attackers. Wazuh also integrates with third-party threat intelligence feeds and platforms for enhanced threat hunting.

Threat Hunting dashboard

Log Data Analysis

Wazuh agents collect operating system and application logs, and securely forward them to the Wazuh server for rule-based analysis and storage. The Wazuh rules detect application or system errors, misconfigurations, malicious activities, policy violations, and various other security and operational issues.

Log Data Analysis dashboard

Vulnerability Detection

Wazuh agents pull software inventory data and send this information to the Wazuh server. The collected inventory data is then correlated with continuously updated Common Vulnerabilities and Exposures (CVE) databases to identify known vulnerable software. Automated vulnerability detection helps you find the flaws in your critical assets and take corrective action before attackers exploit them.

Vulnerability Detection dashboard

Incident Response

Wazuh provides out-of-the-box active responses to perform various countermeasures against ongoing threats. These responses are triggered when certain criteria are met and include actions such as blocking network access to an endpoint from the threat source. In addition, Wazuh can be used to remotely run commands or system queries, identify indicators of compromise (IOCs), and help perform incident response tasks.

Incident Response dashboard

Regulatory Compliance

Wazuh provides some of the security controls needed to become compliant with industry standards and regulations. These controls include File Integrity Monitoring (FIM), Security Configuration Assessment (SCA), vulnerability detection, system inventory, and more. These capabilities, combined with its scalability and multi-platform support, help organizations meet technical compliance requirements. Wazuh provides reports and dashboards for regulations such as GDPR, NIST, TSC, and HIPAA.

Regulatory Compliance dashboard

IT Hygiene

Wazuh builds an up-to-date system inventory of all monitored endpoints. This inventory contains data such as installed applications, running processes, open ports, and hardware and operating system information. Collecting this information helps organizations improve asset visibility and maintain good IT hygiene. Several other Wazuh capabilities, such as vulnerability detection, Security Configuration Assessment, and malware detection, help protect monitored endpoints and improve IT hygiene.

IT Hygiene dashboard

Containers Security

Wazuh provides security visibility into Docker hosts and containers, monitoring their behavior and detecting threats, vulnerabilities, and anomalies. The Wazuh agent has native integration with the Docker engine, allowing users to monitor images, volumes, network settings, and running containers. Wazuh continuously collects and analyzes detailed runtime information, alerting, for example, on containers running in privileged mode, vulnerable applications, a shell running in a container, changes to persistent volumes or images, and other possible threats.

Containers Security dashboard

Posture Management

Wazuh integrates with cloud platforms, collecting and aggregating security data. It alerts on discovered security risks and vulnerabilities to ensure security and compliance with regulatory standards.

Posture Management dashboard

Workload Protection

Wazuh monitors and protects workloads in cloud environments as well as on-premises workloads. You can integrate Wazuh with cloud platforms like AWS, Microsoft Azure, GCP, Microsoft 365, and GitHub to monitor services, virtual machines, and the activities occurring on these platforms. The centralized log management of Wazuh helps organizations that use these cloud platforms to adhere to regulatory requirements.

Workload Protection dashboard

Discover Wazuh, the all-in-one security platform

An open source cybersecurity platform that integrates SIEM and XDR capabilities in a single solution.

Wazuh Security Platform

Central components

Wazuh Indexer

The Wazuh indexer is a highly scalable full-text search and analysis engine. It is responsible for indexing and storing alerts generated by the Wazuh server. It can be installed as a single-node or multi-node cluster, depending on the environment needs.

Wazuh Server

The server manages the agents, configuring and updating them remotely when necessary. This component analyzes the data received from the agents, processing it through decoders and rules and using threat intelligence to look for indicators of compromise.

Wazuh Dashboard

A flexible and intuitive web interface for data mining, analysis, and visualization. The dashboard is used to manage the Wazuh configuration and monitor its status.

Endpoint security agent

Wazuh Agent

The Wazuh agent is a multi-platform component that runs on the endpoints to be monitored. It provides prevention, detection, and response capabilities.

Deployment options

Wazuh can be deployed with Kubernetes, Puppet, Ansible, and Docker.
