Active XDR protection
from modern threats

The Wazuh Extended Detection and Response (XDR) platform provides a comprehensive security solution that detects, analyzes, and responds to threats across multiple IT infrastructure layers. Wazuh collects telemetry from endpoints, network devices, cloud workloads, third-party APIs, and other sources for unified security monitoring and protection.


Focus the attention of your analysts and cut the time spent analyzing telemetry from multiple security platforms. Wazuh maps detected events to the relevant adversary tactics and techniques. It also ingests third-party threat intelligence data and allows you to create custom queries to filter events and aid threat hunting.


Detect and respond to threats based on unusual behavior patterns. The Wazuh behavioral analysis capabilities involve using advanced analytics to identify deviations from normal behavior, which may indicate potential security threats. These capabilities include monitoring file integrity, network traffic, user behavior, and anomalies in system performance metrics.


Reduce the average response time to incidents with the Wazuh active response module. Wazuh automatically responds to threats to mitigate the potential impact on your infrastructure. You can use the built-in response actions or create custom actions according to your incident response plan.

See our active response documentation for more details.

Cloud workload

Provide security coverage for your cloud workloads and containers. Wazuh has built-in integration with cloud services to collect and analyze telemetry.
It protects native and hybrid cloud environments including container infrastructure by detecting and responding to current and emerging threats.

See our cloud security and container security documentation for more details.


Wazuh incorporates threat intelligence feeds to detect and respond to known threats. It integrates with threat intelligence sources, including open source intelligence (OSINT), commercial feeds, and user-contributed data to provide up-to-date information on potential threats.

and reporting

Meet regulatory compliance requirements, generate reports, and demonstrate the effectiveness of your security program. Wazuh performs regulatory compliance checks against regulations and security standards, such as PCI-DSS, HIPAA, GDPR, and more.

Universal agent
for endpoint protection

Deploy the Wazuh agent on your endpoints to detect and respond to cyber threats. The Wazuh agent runs on the most common operating systems to detect malware, perform file integrity monitoring, read endpoint telemetry, perform vulnerability assessment, scan system configuration, and automatically respond to threats.

Integration with
third-party solutions

Wazuh extends its threat detection capability by integrating third-party solutions, and unifying telemetry from various sources to consolidate real-time log data. It ingests telemetry via syslog or APIs from third-party applications, devices, and workloads like cloud providers and SaaS vendors.

Open source

Wazuh offers several advantages as an open source XDR platform. It is customizable and can be modified to meet specific needs, giving greater flexibility and control over your environment. It has a large community of users and developers who provide support and expertise. Furthermore, it integrates with a broad range of security solutions, allowing you to create a comprehensive security ecosystem.

Learn how Wazuh can
help your organization