User manual

Welcome to the Wazuh user manual. Use it as your Wazuh reference library once you have a basic Wazuh installation in place. In the same way that the main components of Wazuh are a fork of the renowned OSSEC HIDS project, so this user manual has been derived from the OSSEC documentation. Kudos to the OSSEC team for their huge contribution to the IT security community.

Contents

• Overview
  • Wazuh server
  • Elastic Stack
  • Wazuh agents
• Wazuh server administration
  • Remote service
  • Defining an alert level threshold
  • Integration with external APIs
  • Configuring syslog output
  • Generating automatic reports
  • Configuring email alerts
  • SMTP server with authentication
  • Deploying a Wazuh cluster
• Registering agents
  • The registration process
  • Using the registration service
• Agent management
  • Agent life cycle
  • Using the command line
  • Using the RESTful API
  • Using Wazup App
  • Checking connection with Manager
  • Grouping agents
  • Remote upgrading
• Capabilities
  • Log data collection
  • File integrity monitoring
  • Anomaly and malware detection
  • Monitoring security policies
  • Monitoring system calls
  • Command monitoring
  • Active response
  • Agentless monitoring
  • Anti-flooding mechanism
  • Agent labels
  • VirusTotal integration
• Ruleset
  • Getting started
  • Update ruleset
  • JSON decoder
  • Custom rules and decoders
  • Dynamic fields
  • Ruleset XML syntax
  • Testing decoders and rules
  • Using CDB lists
  • Contribute to the ruleset
• RESTful API
  • Getting started
  • Configuration
  • Reference
  • Examples
• Reference
  • Local configuration
  • Centralized configuration
  • Internal configuration
  • Daemons
  • Tools