One unified platform for complete protection

Wazuh monitors system and application configuration settings to ensure they are compliant with your security policies, standards, and/or hardening guides. The Wazuh agents perform periodic scans to detect misconfigurations or security gaps in endpoints that can be exploited by threat actors. Additionally, you can customize these configuration checks, thereby tailoring them to properly align with your organization's needs. Security alerts include recommendations for better configuration, references, and mapping with regulatory compliance.

Wazuh detects malicious activities and indicators of compromise that occur on endpoints as a result of malware infection or cyberattack. Wazuh out-of-the-box ruleset and capabilities like Security Configuration Assessment (SCA), Rootcheck, and File Integrity Monitoring (FIM) help to detect malicious activities and anomalies. You can configure and customize these Wazuh capabilities to suit your organization's requirements.

Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep track of. In addition, it natively identifies users and applications used to create or modify files. You can use the Wazuh File Integrity Monitoring capability in combination with threat intelligence to identify threats or compromised endpoints. In addition, FIM helps to meet several regulatory compliance standards, such as PCI DSS, NIST, and others.

Wazuh offers comprehensive visibility into monitored endpoints and infrastructure. It provides log retention, indexing, and querying capabilities that help you investigate threats that may have bypassed initial security controls. Threat detection rules are mapped against the MITRE ATT&CK framework to aid in the investigation and referencing of tactics, techniques, and procedures commonly used by attackers. Wazuh also integrates with third-party threat intelligence feeds and platforms for enhanced threat hunting.

Wazuh agents collect operating system and application logs, and securely forward them to the Wazuh server for rule-based analysis and storage. The Wazuh rules detect application or system errors, misconfigurations, malicious activities, policy violations, and various other security and operational issues.

Wazuh agents pull software inventory data and send this information to the Wazuh server. The collected inventory data is then correlated with continuously updated CVE (Common Vulnerabilities and Exposure) databases, to identify known vulnerable software. Automated vulnerability detection helps you find the flaws in your critical assets and take corrective action before attackers exploit them for malicious purposes.

Wazuh provides out-of-the-box active responses to perform various countermeasures against ongoing threats. These responses are triggered when certain criteria are met, they include actions like blocking network access to an endpoint from the threat source and others. In addition, Wazuh can be used to remotely run commands or system queries, identify indicators of compromise (IOCs), and help perform incident response tasks.

Wazuh provides some of the necessary security controls to become compliant with industry standards and regulations. Some of these security controls include File Integrity Monitoring (FIM), Security Configuration Assessment (SCA), vulnerability detection, system inventory, and more. These capabilities, combined with its scalability and multi-platform support help organizations meet technical compliance requirements. Wazuh provides reports and dashboards for regulations such as PCI DSS, NIST, TSC, and HIPAA.

Wazuh builds an up-to-date system inventory of all monitored endpoints. This system inventory contains data like installed applications, running processes, open ports, hardware and operating system information, and others. Collecting this information helps organizations optimize asset visibility and maintain good IT hygiene.Several other Wazuh capabilities like vulnerability detection, Security Configuration Assessment, and malware detection help to protect monitored endpoints and improve IT hygiene.

Wazuh provides security visibility into Docker hosts and containers, monitoring their behavior and detecting threats, vulnerabilities, and anomalies. The Wazuh agent has native integration with the Docker engine allowing users to monitor images, volumes, network settings, and running containers. Wazuh continuously collects and analyzes detailed runtime information. For example, alerting for containers running in privileged mode, vulnerable applications, a shell running in a container, changes to persistent volumes or images, and other possible threats.

Wazuh integrates with cloud platforms, collecting and aggregating security data. It alerts on discovered security risks and vulnerabilities to ensure security and compliance with regulatory standards.

Wazuh monitors and protects workloads in cloud environments as well as on-premises workloads. You can integrate Wazuh with cloud platforms like AWS, Microsoft Azure, GCP, Microsoft 365, and GitHub to monitor services, virtual machines, and the activities occurring on these platforms. The centralized log management of Wazuh helps organizations that use these cloud platforms to adhere to regulatory requirements.