About this documentationΒΆ

Welcome to Wazuh documentation. Here you will find instructions to install and deploy OSSEC HIDS, both the official version and our forked one. Please note that this documentation is not intended to substitute OSSEC HIDS documentation, or the reference manual, which are currently maintained by the project team members and external contributors.

Wazuh team is currently supporting OSSEC enterprise users, and decided to develop and publish additional capabilities as a way to contribute back to the Open Source community. Find below a list and description of our main projects, that have been released under the terms of GPLv2 license.

  • OSSEC Wazuh Ruleset: Includes new rootchecks, decoders and rules, increasing OSSEC monitoring and detection capabilities. Those have also been tagged for PCI Data Security Standard, allowing users to monitor compliance for each of the standard requirements. Users can contribute to this ruleset by submitting pull requests to our Github repository. Our team will continue to maintain and update it periodically.
  • Wazuh HIDS: Our OSSEC fork. Implements bug fixes and new features. It provides extended JSON logging capabilities, for easy integration with ELK Stack and third party log management tools. It also includes compliance support, and modifications in OSSEC binaries needed by the OSSEC RESTful API.
  • Wazuh RESTful API: Used to monitor and control your OSSEC deployment, providing an interface to interact with the manager from anything that can send an HTTP request.
  • Docker containers to virtualize and run your OSSEC manager and an all-in-one integration with ELK Stack.


If you want to contribute to this documentation or our projects please head over to our Github repositories. You can also join our users mailing list, by sending an email to wazuh+subscribe@googlegroups.com, to ask questions and participate in discussions.