The Wazuh manager is the system that analyzes the data received from all the agents, triggering alerts when an event matches a rule, for example: intrusion detected, file changed, configuration not compliant with policy, possible rootkit, etc. It is also an agent, so it has all the features that an agent has. In addition, the manager can forward the alerts it triggers through syslog, email or integration with external APIs.
- Remote service
- Defining an alert level threshold
- Integration with external APIs
- Configuring syslog output
- Generating automatic reports
- Configuring email alerts
- Deploying a Wazuh cluster