Blog
Community
Contact us
X
LinkedIn
Reddit
GitHub
Discord
Slack
Mailing list
Search here
Close
Search
Wazuh
Platform
Overview
XDR
SIEM
Cloud
CTI
Documentation
Services
Professional support
Consulting services
Training courses
Partners
Become a partner
Find a partner
Company
Customers
About us
Our team
Resources
Search term
Search now!
Getting started
Components
Architecture
Use cases
Installation guide
Installing Wazuh server
Install Wazuh server with RPM packages
Install Wazuh server with DEB packages
Install Wazuh server from sources
Installing Elastic Stack
Install Elastic Stack with RPM packages
Install Elastic Stack with Debian packages
Installing Wazuh agent
Install Wazuh agent with RPM packages
Install Wazuh agent with DEB packages
Install Wazuh agent on Windows
Install Wazuh agent on Mac OS X
Install Wazuh agent on Solaris
Install Wazuh agent on HP-UX
Install Wazuh agent on AIX
Install Wazuh agent from sources
Optional configurations
Setting up SSL for Filebeat and Logstash
Setting up SSL and authentication for Kibana
Securing the Wazuh API
Elasticsearch tuning
Insert a Wazuh API entry automatically
Upgrading Wazuh
Upgrading from a legacy version
Upgrading Wazuh server
Upgrading Elastic Stack server
Upgrading Wazuh agents
Upgrade from the same minor version
Upgrade from the same major version (2.x)
Upgrade from different major version
Upgrade from the same major version (3.x)
Restore Wazuh alerts from Wazuh 2.x
Virtual Machine
Packages List
Compatibility matrix
User manual
Overview
Wazuh server administration
Remote service
Defining an alert level threshold
Integration with external APIs
Configuring syslog output
Configuring database output
Generating automatic reports
Configuring email alerts
SMTP server with authentication
Configuring a cluster
Registering agents
The registration process
Using the registration service
Agent management
Agent life cycle
Using the command line
Register Agent
Listing Agents
Remove Agents
Using the RESTful API
Register Agents
Listing Agents
Remove Agents
Using the Wazuh app
Checking connection with Manager
Grouping agents
Remote upgrading
Upgrading agent
Adding a custom repository
Creating custom WPK packages
Installing a custom WPK package
WPK List
Capabilities
Log data collection
How it works
Configuration
FAQ
File integrity monitoring
How it works
Configuration
FAQ
Auditing who-data
Auditing who-data in Linux
Auditing who-data in Windows
Manual configuration of the Local Audit Policies in Windows
Anomaly and malware detection
How it works
Configuration
FAQ
Monitoring security policies
Rootcheck
How it works
Configuration
FAQ
OpenSCAP
How it works
Configuration
FAQ
CIS-CAT integration
Monitoring system calls
How it works
Configuration
Command monitoring
How it works
Configuration
FAQ
Active response
How it works
Configuration
FAQ
Agentless monitoring
How it works
Configuration
FAQ
Anti-flooding mechanism
Agent labels
System inventory
Vulnerability detection
VirusTotal integration
About VirusTotal
How it works
Osquery
Ruleset
Getting started
Update ruleset
JSON decoder
Custom rules and decoders
Dynamic fields
Ruleset XML syntax
Decoders Syntax
Rules Syntax
Regular Expression Syntax
Testing decoders and rules
Using CDB lists
Contribute to the ruleset
Rules classification
RESTful API
Getting started
Filtering data using queries
Configuration
Reference
Examples
Kibana app
Setting up the app
Wazuh app and X-Pack
Defining X-Pack users
Configure X-Pack users
X-Pack troubleshooting
App features
App overview
Ruleset
Settings
Dev tools
Reporting
Index pattern selector
Download as CSV
Query configuration
Troubleshooting
Reference
Configuration file
Elasticsearch indices
Reference
Local configuration (ossec.conf)
active-response
agentless
alerts
auth
client
client_buffer
cluster
command
database_output
email_alerts
global
integration
labels
localfile
logging
remote
reports
rootcheck
ruleset
socket
syscheck
syslog_output
wodle name="open-scap"
wodle name="command"
wodle name="cis-cat"
wodle name="aws-s3"
wodle name="syscollector"
wodle name="vulnerability-detector"
wodle name="osquery"
wodle name="docker-listener"
wodle name="azure-logs"
Verifying configuration
Centralized configuration (agent.conf)
Internal configuration
Daemons
ossec-agentd
ossec-agentlessd
ossec-analysisd
ossec-authd
ossec-csyslogd
ossec-dbd
ossec-execd
ossec-logcollector
ossec-maild
ossec-monitord
ossec-remoted
ossec-reportd
ossec-syscheckd
wazuh-clusterd
wazuh-modulesd
wazuh-db
Tables available for wazuh-db
ossec-integratord
Tools
agent-auth
agent_control
manage_agents
ossec-control
ossec-logtest
ossec-makelists
rootcheck_control
syscheck_control
syscheck_update
clear_stats
ossec-regex
update_ruleset
util.sh
verify-agent-conf
agent_groups
agent_upgrade
cluster_control
fim_migrate
Unattended Installation
Statistics files
ossec-agentd state file
ossec-remoted state file
ossec-analysisd state file
Development
Client keys file
Standard OSSEC message format
Makefile options
Docker
Docker installation
Wazuh Docker deployment
Wazuh Docker utilities
FAQ
Deploying with Puppet
Set up Puppet
Installing Puppet master
Installing Puppet agent
Setting up Puppet certificates
Wazuh Puppet module
Scan paths configuration
Wazuh agent class
Wazuh server class
Deploying with Ansible
Installation Guide
Install Ansible
Install Wazuh Server
Install Elastic Stack Server
Install Wazuh Agent
Remote Hosts Connection
Roles
Wazuh Manager
Filebeat
Elasticsearch
Kibana
Logstash
Wazuh Agent
Variables references
Using Wazuh for PCI DSS
Log analysis
Policy monitoring
Rootkit detection
File integrity monitoring
Active response
Elastic Stack
Using Wazuh for GDPR
GDPR II, Principles <gdpr_II>
GDPR III, Rights of the data subject <gdpr_III>
GDPR IV, Controller and processor <gdpr_IV>
Using Wazuh to Monitor AWS
Installation
Use Cases
S3 use cases
IAM use cases
EC2 use cases
VPC Use cases
Troubleshooting
Using Wazuh to Monitor Microsoft Azure
Manager Requirements
Monitoring Instances
Monitoring Activity
Monitoring Services
Using Wazuh to Monitor Docker
Monitoring Docker server
Monitoring containers activity
Installing Splunk
Install Splunk in single-instance mode
Install Splunk in multi-instance mode
Install Wazuh app for Splunk
Install and configure Splunk Forwarder
Setting up reverse proxy configuration for Splunk
Customize agents status indexation
Migrating from OSSEC
Migrating OSSEC server
Migrating OSSEC agent
Release notes
3.7.2 Release Notes
3.7.1 Release Notes
3.7.0 Release Notes
3.6.1 Release Notes
3.6.0 Release Notes
3.5.0 Release Notes
3.4.0 Release Notes
3.3.1 Release Notes
3.3.0 Release Notes
3.2.4 Release Notes
3.2.3 Release Notes
3.2.2 Release Notes
3.2.1 Release Notes
3.2.0 Release Notes
3.1.0 Release Notes
3.0.0 Release Notes
2.1 Release Notes
Attention
This documentation does not apply to the most recent version of Wazuh. Check out the docs for
the latest version
.
Please activate JavaScript to enable the search functionality.