Blog / Engineering / Managing multiple Wazuh clusters with Cross-Cluster Search

Cross-Cluster Search (CCS) in Wazuh allows alerts from remote Wazuh clusters to be queried and viewed at a centralized location. The centralized location known as the Cross-Cluster Search (CCS) environment is trusted by the remote Wazuh clusters, enabling it to perform search operations. This lets security alerts be seen via a single Wazuh dashboard at […]

Blog / Engineering / Wazuh multi-site implementation

Wazuh multi-site implementation offers a solution that helps organizations unify their security monitoring capabilities across multiple geographically dispersed locations or sites. This implementation focuses on having Wazuh cluster components that collect, process, and store logs from the Wazuh agents within each site. A single Wazuh dashboard displays security alerts generated from events occurring in monitored […]

Blog / Engineering / Wazuh agent deployment strategies for persistence in Kubernetes

The Wazuh agent is a component of the Wazuh SIEM and XDR solution that protects monitored endpoints such as servers, laptops, and virtual machines. Deploying Wazuh agents in containerized endpoints orchestrated by Kubernetes requires a more resilient deployment strategy. In containerized environments where workloads are ephemeral and dynamic, maintaining a persistent identity and configuration for […]

Blog / Engineering / Measuring Wazuh performance and operational efficiency

Measuring performance and operational efficiency of your XDR/SIEM ensures that it runs reliably, scales effectively, and delivers timely security insights. Monitoring metrics like resource usage, connection times, and log processing helps identify bottlenecks, optimize configurations, and prevent downtime. It also ensures that threat detection and intelligence coverage remain consistent, even under high workloads. The Wazuh […]

Blog / Engineering / Load balancing a Wazuh server cluster using NGINX

In this blog post, we demonstrate how to configure an NGINX network load balancer using the hash algorithm.

Blog / Engineering / Migrating from OSSEC to Wazuh

OSSEC is an open source host-based Intrusion Detection System (IDS) that provides log analysis, integrity monitoring, real-time alerting, and active response capabilities. In recent years, the OSSEC project has been in maintenance mode with limited emphasis on active development.  In 2015, the Wazuh team decided to fork the project, expanding upon the OSSEC core functionalities […]

Blog / Engineering / Deploying Wazuh on Kubernetes using AWS EKS

Learn how to deploying Wazuh cluster with Elastic Stack in EKS and how to add a Wazuh agent and visualize the environment through Kibana.

Blog / Engineering / Wazuh integration with Amazon Security Lake as a custom source

Amazon Security Lake is a fully managed service that helps organizations aggregate, store, and analyze security data from various sources, such as AWS services, on-premise logs, and third-party SaaS applications. Security administrators can use AWS services like Athena to query the security data, which gives them insight into potential threats and vulnerabilities across an organization’s […]

Blog / Engineering / How Wazuh provides endpoint security without kernel-level access

User mode and kernel mode are two operating states within a computer system that define different levels of access and control to the hardware resources of a computer. Choosing the right mode between the two is important, as it affects the security and stability of the computer.  User mode is a restricted operating environment where […]

Blog / Engineering / Ransomware protection on Windows with Wazuh

Providing Ransomware protection on our endpoints is important as these attacks have become one of the most prevalent and damaging cyber threats faced by organizations and individuals. These types of attacks continue to rise due to the lucrative nature of ransom payments. Ransomware attacks adopt sophisticated techniques, such as advanced encryption algorithms and social engineering […]

Blog / Engineering / Configuration management of Wazuh endpoints using Ansible

Configuration management is the process of maintaining computer systems, servers, network devices, and software in a desired and consistent state. Configuration management tools allow you to quickly and remotely control large numbers of different endpoints in an automated way from a centralized location. There are several popular configuration management tools. These include Ansible, Chef, Puppet, […]

Blog / Engineering / Wazuh agent groups and centralized configuration

Centralized configuration management offers a unified approach for organizing, controlling, and modifying configurations within a large infrastructure. They mitigate the challenges associated with manual configuration management, such as human errors, inconsistencies, and time-consuming updates. Wazuh, the unified XDR and SIEM platform, offers a feature for streamlining agent configuration and enhancing security management: Wazuh agent groups […]