Active XDR protection
from modern threats

The Wazuh Extended Detection and Response (XDR) platform provides a comprehensive security solution that detects, analyzes, and responds to threats across multiple IT infrastructure layers. Wazuh collects telemetry from endpoints, network devices, cloud workloads, third-party APIs, and other sources for unified security monitoring and protection.

Capabilities

Threat hunting

Focus the attention of your analysts and cut the time spent analyzing telemetry from multiple security platforms. Wazuh maps detected events to the relevant adversary tactics and techniques. It also ingests third-party threat intelligence data and allows you to create custom queries to filter events and aid threat hunting.

Threat hunting dashboard

Behavioral analysis

Detect and respond to threats based on unusual behavior patterns. The Wazuh behavioral analysis capabilities involve using advanced analytics to identify deviations from normal behavior, which may indicate potential security threats. These capabilities include monitoring file integrity, network traffic, user behavior, and anomalies in system performance metrics.

Behavioral analysis dashboard

Automated response

Reduce the average response time to incidents with the Wazuh active response module. Wazuh automatically responds to threats to mitigate the potential impact on your infrastructure. You can use the built-in response actions or create custom actions according to your incident response plan.

Automated response dashboard

Cloud workload protection

Provide security coverage for your cloud workloads and containers. Wazuh has built-in integration with cloud services to collect and analyze telemetry.
It protects native and hybrid cloud environments including container infrastructure by detecting and responding to current and emerging threats.

See our cloud security and container security documentation for more details.

Cloud workload protection dashboard

Threat intelligence

Wazuh incorporates threat intelligence feeds to detect and respond to known threats. It integrates with threat intelligence sources, including open source intelligence (OSINT), commercial feeds, and user-contributed data to provide up-to-date information on potential threats.

Threat intelligence dashboard

Compliance and reporting

Meet regulatory compliance requirements, generate reports, and demonstrate the effectiveness of your security program. Wazuh performs regulatory compliance checks against regulations and security standards, such as PCI-DSS, HIPAA, GDPR, and more.

Compliance and reporting dashboard

Features

Universal agent for endpoint protection

Deploy the Wazuh agent on your endpoints to detect and respond to cyber threats. The Wazuh agent runs on the most common operating systems to detect malware, perform file integrity monitoring, read endpoint telemetry, perform vulnerability assessment, scan system configuration, and automatically respond to threats.

Universal agent for endpoint protection dashboard

Integration with third-party solutions

Wazuh extends its threat detection capability by integrating third-party solutions, and unifying telemetry from various sources to consolidate real-time log data. It ingests telemetry via syslog or APIs from third-party applications, devices, and workloads like cloud providers and SaaS vendors.

Integration with third-party solutions dashboard

Open source

Wazuh offers several advantages as an open source XDR platform. It is customizable and can be modified to meet specific needs, giving greater flexibility and control over your environment. It has a large community of users and developers who provide support and expertise. Furthermore, it integrates with a broad range of security solutions, allowing you to create a comprehensive security ecosystem.

Open source dashboard

Learn how Wazuh can
help your organization