The Wazuh manager is the system that analyzes the data received from all registered agents triggering alerts when an event matches a rule, for example: intrusion detected, file modified, configuration not compliant with policy, possible rootkit, etc. The manager also operates as an agent on the local machine, so it has all the features that an agent has. Also, the manager can forward the alerts it triggers through syslog, emails or integrated external APIs.
- Remote service
- Defining an alert level threshold
- Integration with external APIs
- Configuring syslog output
- Generating automatic reports
- Configuring email alerts
- Configuring a cluster