Managing multiple Wazuh clusters with Cross-Cluster Search
Cross-Cluster Search (CCS) in Wazuh allows alerts from remote Wazuh clusters to be queried and viewed at a centralized location. The centralized location, known as the Cross-Cluster Search (CCS) environment, is trusted by the remote Wazuh clusters, enabling it to perform search operations against them. This lets security alerts be seen via a single Wazuh dashboard at […]
Wazuh multi-site implementation
Wazuh multi-site implementation offers a solution that helps organizations unify their security monitoring capabilities across multiple geographically dispersed locations or sites. This implementation focuses on having Wazuh cluster components that collect, process, and store logs from the Wazuh agents within each site. A single Wazuh dashboard displays security alerts generated from events occurring in monitored […]
Load balancing a Wazuh server cluster using NGINX
In this blog post, we demonstrate how to configure an NGINX network load balancer using the hash load-balancing method.
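As an added example (not the configuration from the post itself), the following NGINX `stream` block fronts a Wazuh server cluster with the hash method keyed on the client address, so that a given agent keeps reaching the same manager. The three manager IP addresses are placeholders, and the ports are the Wazuh defaults (1514/TCP for agent communication, 1515/TCP for enrollment), both assumptions on my part:

```nginx
# Added example: layer 4 (stream) load balancer for a Wazuh server cluster.
# Manager addresses 10.0.0.11-13 are placeholders (assumption); ports are the
# Wazuh defaults: 1514/TCP agent connection, 1515/TCP agent enrollment.
stream {
    upstream wazuh_agents {
        hash $remote_addr consistent;   # same agent IP -> same manager
        server 10.0.0.11:1514;
        server 10.0.0.12:1514;
        server 10.0.0.13:1514;
    }

    upstream wazuh_enrollment {
        hash $remote_addr consistent;
        server 10.0.0.11:1515;
        server 10.0.0.12:1515;
        server 10.0.0.13:1515;
    }

    server {
        listen 1514;
        proxy_pass wazuh_agents;
    }

    server {
        listen 1515;
        proxy_pass wazuh_enrollment;
    }
}
```

Validate with `nginx -t` before reloading; the `stream` context requires NGINX built with the stream module. Two caveats worth checking in your own deployment: agents must point their manager address at the balancer rather than at an individual node, and because the hash is on the source IP, many agents behind a single NAT address will all land on the same manager, which defeats the spread you are after.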
Migrating from OSSEC to Wazuh
OSSEC is an open source host-based Intrusion Detection System (HIDS) that provides log analysis, integrity monitoring, real-time alerting, and active response capabilities. In recent years, the OSSEC project has been in maintenance mode with limited emphasis on active development. In 2015, the Wazuh team decided to fork the project, expanding upon the OSSEC core functionalities […]
Deploying Wazuh on Kubernetes using AWS EKS
Learn how to deploy a Wazuh cluster with the Elastic Stack on EKS, add a Wazuh agent, and visualize the environment through Kibana.
Wazuh integration with Amazon Security Lake as a custom source
Amazon Security Lake is a fully managed service that helps organizations aggregate, store, and analyze security data from various sources, such as AWS services, on-premises logs, and third-party SaaS applications. Security administrators can use AWS services like Athena to query the security data, which gives them insight into potential threats and vulnerabilities across an organization's […]
How Wazuh provides endpoint security without kernel-level access
User mode and kernel mode are two operating states within a computer system that define different levels of access to, and control over, the hardware resources of a computer. Which mode a piece of software runs in matters, as it affects both the security and the stability of the system. User mode is a restricted operating environment where […]
Ransomware protection on Windows with Wazuh
Providing ransomware protection on endpoints is important, as these attacks have become one of the most prevalent and damaging cyber threats faced by organizations and individuals. Attacks continue to rise because ransom payments remain lucrative. Ransomware attacks adopt sophisticated techniques, such as advanced encryption algorithms and social engineering […]
Configuration management of Wazuh endpoints using Ansible
Configuration management is the process of maintaining computer systems, servers, network devices, and software in a desired and consistent state. Configuration management tools allow you to quickly and remotely control large numbers of different endpoints in an automated way from a centralized location. There are several popular configuration management tools. These include Ansible, Chef, Puppet, […]
Wazuh agent groups and centralized configuration
Centralized configuration management offers a unified approach for organizing, controlling, and modifying configurations within a large infrastructure. It mitigates the challenges associated with manual configuration management, such as human errors, inconsistencies, and time-consuming updates. Wazuh, the unified XDR and SIEM platform, offers a feature for streamlining agent configuration and enhancing security management: Wazuh agent groups […]
Filtering security data with the Wazuh Query Language
The Wazuh Query Language (WQL) simplifies security data filtering in the Wazuh dashboard with its user-friendly format. With a specialized querying language like WQL, security analysts can analyze and query security log data, enabling effective detection and response to security threats. WQL provides a solution for navigating complex datasets, allowing […]
Monitoring Hyper-V with Wazuh
Microsoft Hyper-V is a widely used virtualization platform in enterprise environments, powering everything from development labs to production workloads.