Wazuh Docs
      Warning: This is the documentation for Wazuh 2.1. Check out the docs for the latest version of Wazuh!

      Capabilities

      This section explains in more detail how each capability works and how it can be configured, and includes frequently asked questions and some examples that allow a better understanding of all the features. If you find a problem or an error, or if you want to ask related questions, please let us know on our mailing list.

      The capabilities are:

      • Log data collection
        • How it works
        • Configuration
        • FAQ
      • File integrity monitoring
        • How it works
        • Configuration
        • FAQ
      • Anomaly and malware detection
        • How it works
        • Configuration
        • FAQ
      • Monitoring security policies
        • Rootcheck
        • OpenSCAP
      • Monitoring system calls
        • How it works
        • Configuration
      • Command monitoring
        • How it works
        • Configuration
        • FAQ
      • Active response
        • How it works
        • Configuration
        • FAQ
      • Agentless monitoring
        • How it works
        • Configuration
        • FAQ
      • Anti-flooding mechanism
        • Why is an anti-flooding mechanism needed?
        • How it works: Leaky bucket
        • Use case: Leaky bucket
        • Anti-flooding in agent modules
      • Agent labels
        • How it works
        • Use case
      © 2021 · Wazuh Inc.