This is the documentation for Wazuh 2.1. Check out the docs for the latest version of Wazuh!


XML section name


Agentless monitoring allows you to run integrity checking on systems without an agent installed.



Default value: n/a
Allowed values: ssh_integrity_check_bsd

Requires a list of directories in <arguments>.

Wazuh runs a file integrity scan on the files in those directories.

The system alerts if they have changed.


Supply an <arguments> value that consists of a set of commands to run.

Their output is then processed, looking for changes or rule matches.


Used specifically to check whether the configuration of a Cisco PIX/router changes.

No <arguments> required.


This controls the number of seconds between each check of the agentless device.

Default value: n/a
Allowed values: An integer in seconds


This defines the username and the name of the agentless host.

Default value: n/a
Allowed values: Any username and host (username@hostname)


This determines whether the check type is periodic or periodic_diff.

Default value: n/a
Allowed values:

periodic: Output from each check is analyzed with the Wazuh ruleset as if it were a monitored log.

periodic_diff: Output from each agentless check is compared to the output of the previous run. Changes are alerted on, similar to file integrity monitoring.


This defines the arguments passed to the agentless check.

Default value: n/a
Allowed values: This is a space-delimited list of files or directories to be monitored.

Example of configuration

  <arguments>/etc /usr/bin /usr/sbin</arguments>
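
A lint for the options described on this page, as an added example (not Wazuh's own code): it parses a single <agentless> block and checks each option against the allowed values listed above. The element names type, frequency, host and state, and the check types other than ssh_integrity_check_bsd, do not appear in this page's text and are assumed from Wazuh's agentless configuration; the sample host is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Check type -> whether <arguments> is required. Names other than
# ssh_integrity_check_bsd are assumed from Wazuh's agentless scripts.
TYPES = {
    "ssh_integrity_check_bsd": True,
    "ssh_integrity_check_linux": True,
    "ssh_generic_diff": True,
    "ssh_pixconfig_diff": False,
}
STATES = {"periodic", "periodic_diff"}
HOST_RE = re.compile(r"[^@\s]+@[^@\s]+")  # username@hostname

def lint_agentless(xml_text):
    """Return a list of problems found in one <agentless> block."""
    block = ET.fromstring(xml_text)
    if block.tag != "agentless":
        return ["root element is not <agentless>"]

    def get(name):
        return (block.findtext(name) or "").strip()

    problems = []
    ctype = get("type")
    if ctype not in TYPES:
        problems.append(f"unknown type {ctype!r}")
    if not re.fullmatch(r"[0-9]+", get("frequency")):
        problems.append("frequency must be an integer number of seconds")
    if not HOST_RE.fullmatch(get("host")):
        problems.append("host must be username@hostname")
    if get("state") not in STATES:
        problems.append("state must be periodic or periodic_diff")
    if TYPES.get(ctype) and not get("arguments"):
        problems.append(f"{ctype} requires <arguments>")
    return problems

# Constructed sample (203.0.113.10 is a documentation-only address).
GOOD = """<agentless>
  <type>ssh_integrity_check_linux</type>
  <frequency>3600</frequency>
  <host>auditor@203.0.113.10</host>
  <state>periodic</state>
  <arguments>/etc /usr/bin /usr/sbin</arguments>
</agentless>"""

if __name__ == "__main__":
    print(lint_agentless(GOOD))  # no problems expected
```

The function takes one <agentless> block rather than a whole ossec.conf, so extract the block before linting.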