All capabilities in one security platform

Wazuh Capabilities

Wazuh provides Cloud Workload Protection (CWP), threat detection, configuration compliance, and continuous monitoring for multicloud and hybrid environments.
This security platform helps monitor cloud infrastructure at the API level, using integration modules that can extract security data from well-known cloud providers, such as Amazon AWS, Microsoft Azure, or Google Cloud Platform.

The Wazuh Security Configuration Assessment module automatically determines whether your systems follow industry standards for security hardening. It detects vulnerable, unpatched, or insecurely configured applications. Alerts include recommendations for better configuration, references, and mapping with regulatory compliance that can be customized to meet the needs of different organizations.

The use of containers allows teams to work faster, deploy software efficiently, and operate at scale. That is the reason why their use has become widespread. However, containers are not built with a security system, which adds a new attack surface and makes them a prime target for cyber-attacks.
With Wazuh, you increase visibility by monitoring their behavior and detecting threats, vulnerabilities, and anomalies in real time.

Wazuh identifies changes in content, permissions, ownership, and file attributes as well as threats or compromised hosts. The File integrity monitoring module allows organizations to comply with the PCI DSS regulatory compliance standard. Wazuh gives you full visibility of your environment and helps you to be prepared against any threat in real time.

Quick response to cyber threats is crucial to reduce their impact. With Incident Response, Wazuh addresses malicious activities by restricting or even blocking them in near real time. In addition, Incident Response remotely executes commands and queries on the system, allowing users to identify indicators of compromise (IOCs) and perform other live forensic tasks.

Wazuh is an open source XDR (extended detection and response) solution that provides intrusion prevention. This capability plays a key role in identifying potential attacks on the system. Malware, rootkits, and suspicious anomalies are under control thanks to the Wazuh agents. From detecting hidden files to unregistered network listeners, Wazuh offers a reliable and effective intrusion detection capability.

The Wazuh agent sends all log records to the Wazuh server for rule-based analysis, storage, and automatic responses. These actions enable the detection of security problems, such as application or system errors, misconfigurations, intrusion attempts, policy violations, or difficulties with log data analysis.

Wazuh helps organizations meet technical compliance requirements, such as PCI DSS (Payment Card Industry Data Security Standard), GPG13, or GDPR. This regulatory compliance capability, combined with scalability and cross-platform support, makes Wazuh an optimal platform for diverse companies.

Wazuh is used to collect, store, index, and analyze security data. The Wazuh server analyzes data received from the agents, processing it through decoders and rules, using threat intelligence to look for threats to the system. When threats or anomalies are detected, the Wazuh server triggers an alert.
You can detect intrusions, threats, and behavioral anomalies with our real-time monitoring and security analysis.

Wazuh identifies well-known software vulnerabilities and finds weaknesses in your organization’s critical assets. Through the user interface, you can navigate through the vulnerability alerts and visualize them according to their severity, package name, operating system, or affected servers. This allows quick and effective action to be taken and prevents the theft of sensitive data.

Discover Wazuh, the all-in-one security platform

An open source cybersecurity platform that integrates SIEM and XDR in a unique solution.

Central Components

Wazuh indexer

The Wazuh indexer is a highly scalable full-text search and analysis engine.
It is responsible for indexing and storing alerts generated by the Wazuh server. It can be installed as a single-node or multi-node cluster, depending on the environment needs.

Wazuh server

The server manages the agents, configuring and updating them remotely when necessary. This component analyzes the data received from the agents, processing it through decoders and rules and using threat intelligence to look for indicators of compromise.

Wazuh dashboard

A flexible and intuitive web interface for data mining, analysis, and visualization. The dashboard is used to manage the Wazuh configuration and monitor its status.

Endpoint Security Agent

Wazuh agent

The Wazuh agent is a multi-platform component that runs on the endpoints to be monitored.
It provides prevention, detection, and response capabilities.

Deployment Options

Kubernetes, Puppet, Ansible, Docker
