This is the documentation for Wazuh 2.1. Check out the docs for the latest version of Wazuh!
Wazuh Docs
    Wazuh Docs
    • Product
    • Blog
    • Cloud
    • Services
    • Community
    • Contact us
      • Getting started
        • Components
        • Architecture
        • Use cases
      • Installation guide
        • Installing Wazuh server
          • Install Wazuh server with RPM packages
          • Install Wazuh server with DEB packages
          • Install Wazuh server from sources
        • Installing Elastic Stack
          • Install Elastic Stack with RPM packages
            • Connect the Wazuh App with the API
          • Install Elastic Stack with Debian packages
            • Connect the Wazuh App with the API
        • Installing Wazuh agent
          • Install Wazuh agent with RPM packages
          • Install Wazuh agent with DEB packages
          • Install Wazuh agent on Windows
          • Install Wazuh agent on Mac OS X
          • Install Wazuh agent on Solaris
          • Install Wazuh agent from sources
        • Optional configurations
          • Setting up SSL for Filebeat and Logstash
          • Setting up SSL and authentication for Kibana
          • Securing the Wazuh API
          • Elasticsearch tuning
        • Upgrading Wazuh
          • Upgrading from a legacy version
            • Upgrading Wazuh server
            • Upgrading Elastic Stack server
            • Upgrading Wazuh agents
          • Upgrade from the same minor version
          • Upgrade from the same major version
        • Virtual Machine
        • Packages List
        • Unattended Installation
      • User manual
        • Overview
        • Wazuh server administration
          • Remote service
          • Defining an alert level threshold
          • Integration with external APIs
          • Configuring syslog output
          • Generating automatic reports
          • Configuring email alerts
            • SMTP server with authentication
        • Registering agents
          • The registration process
          • Using the registration service
        • Agent management
          • Using the command line
            • Register Agent
            • Listing Agents
            • Remove Agents
          • Using the RESTful API
            • Register Agents
            • Listing Agents
            • Remove Agents
          • Using Wazup App
          • Checking connection with Manager
        • Capabilities
          • Log data collection
            • How it works
            • Configuration
            • FAQ
          • File integrity monitoring
            • How it works
            • Configuration
            • FAQ
          • Anomaly and malware detection
            • How it works
            • Configuration
            • FAQ
          • Monitoring security policies
            • Rootcheck
              • How it works
              • Configuration
              • FAQ
            • OpenSCAP
              • How it works
              • Configuration
              • FAQ
          • Monitoring system calls
            • How it works
            • Configuration
          • Command monitoring
            • How it works
            • Configuration
            • FAQ
          • Active response
            • How it works
            • Configuration
            • FAQ
          • Agentless monitoring
            • How it works
            • Configuration
            • FAQ
          • Anti-flooding mechanism
          • Agent labels
        • Ruleset
          • Getting started
          • Update ruleset
          • Custom rules and decoders
          • Dynamic fields
          • Ruleset XML syntax
            • Decoders Syntax
            • Rules Syntax
            • Regular Expression Syntax
          • Testing decoders and rules
          • Using CDB lists
          • Contribute to the ruleset
        • RESTful API
          • Getting started
          • Configuration
          • Reference
          • Examples
        • Reference
          • Local configuration
            • active-response
            • agentless
            • alerts
            • auth
            • client
            • client_buffer
            • command
            • database_output
            • email_alerts
            • global
            • integration
            • labels
            • localfile
            • logging
            • remote
            • reports
            • rootcheck
            • ruleset
            • syscheck
            • syslog_output
            • wodle name=”open-scap”
            • Verifying configuration
          • Centralized configuration
          • Internal configuration
          • Daemons
            • ossec-agentd
            • ossec-agentlessd
            • ossec-analysisd
            • ossec-authd
            • ossec-csyslogd
            • ossec-dbd
            • ossec-execd
            • ossec-logcollector
            • ossec-maild
            • ossec-monitord
            • ossec-remoted
            • ossec-reportd
            • ossec-syscheckd
            • wazuh-modulesd
          • Tools
            • agent-auth
            • agent_control
            • manage_agents
            • ossec-control
            • ossec-logtest
            • ossec-makelists
            • rootcheck_control
            • syscheck_control
            • syscheck_update
            • clear_stats
            • ossec-regex
            • update-ruleset.sh
            • util.sh
            • verify-agent-conf
      • Docker
        • Docker installation
        • Wazuh container
        • FAQ
      • Deploying with Puppet
        • Set up Puppet
          • Installing Puppet master
          • Installing Puppet agent
          • Setting up Puppet certificates
        • Wazuh Puppet module
          • Scan paths configuration
          • Wazuh agent class
          • Wazuh server class
      • Deploying with Ansible
        • Considerations
        • Install Ansible
        • Remote Hosts
        • Roles
          • Wazuh Manager
          • Filebeat
          • Elasticsearch
          • Kibana
          • Logstash
          • Wazuh Agent
        • Variables references
      • Using Wazuh for PCI DSS
        • Log analysis
        • Policy monitoring
        • Rootkit detection
        • File integrity monitoring
        • Active response
        • Elastic Stack
      • Using Wazuh for AWS
        • Integration with AWS
        • Use Cases
          • IAM use cases
          • EC2 use cases
          • VPC Use cases
      • Migrating from OSSEC
        • Migrating OSSEC manager installed from packages
        • Migrating OSSEC agent installed from packages
      • Release Notes
        • 2.1 Release Notes
      • Development
        • Client keys file
        • Standard OSSEC message format
      Open source community Professional services
      Edit on GitHub
      • Documentation
      • User manual
      • Capabilities

      Capabilities¶

      This section explain more in detail how each capability works, how can be configured, frequently asked questions and some examples that allow a better understanding of all the features. If you find a problem, error or if you want to ask related questions please let us know on our mailing list.

      The capabilities are:

      • Log data collection
        • How it works
        • Configuration
        • FAQ
      • File integrity monitoring
        • How it works
        • Configuration
        • FAQ
      • Anomaly and malware detection
        • How it works
        • Configuration
        • FAQ
      • Monitoring security policies
        • Rootcheck
        • OpenSCAP
      • Monitoring system calls
        • How it works
        • Configuration
      • Command monitoring
        • How it works
        • Configuration
        • FAQ
      • Active response
        • How it works
        • Configuration
        • FAQ
      • Agentless monitoring
        • How it works
        • Configuration
        • FAQ
      • Anti-flooding mechanism
        • Why it is an anti-flooding mechanism needed?
        • How it works: Leaky bucket
        • Use case: Leaky bucket
        • Anti-flooding in agent modules
      • Agent labels
        • How it works
        • Use case
      Checking connection with Manager Log data collection
      © 2020 · Wazuh Inc.