      Warning: This is the documentation for Wazuh 3.7. Check out the docs for the latest version of Wazuh!

      Capabilities

      In this section, you will find:

      • A deeper explanation of how each capability works.

      • Configuration options for specific capabilities.

      • Frequently asked questions.

      • Some practical examples.

      If you find a problem or an error, or if you want to ask related questions, please contact us through our mailing list.

      • Log data collection
        • How it works
        • Configuration
        • FAQ
      • File integrity monitoring
        • How it works
        • Configuration
        • FAQ
      • Auditing who-data
        • Auditing who-data in Linux
        • Auditing who-data in Windows
        • Manual configuration of the Local Audit Policies in Windows
      • Anomaly and malware detection
        • How it works
        • Configuration
        • FAQ
      • Monitoring security policies
        • Rootcheck
        • OpenSCAP
        • CIS-CAT integration
      • Monitoring system calls
        • How it works
        • Configuration
      • Command monitoring
        • How it works
        • Configuration
        • FAQ
      • Active response
        • How it works
        • Configuration
        • FAQ
      • Agentless monitoring
        • How it works
        • Configuration
        • FAQ
      • Anti-flooding mechanism
        • Why an anti-flooding mechanism is needed
        • How it works: Leaky bucket
        • Use case: Leaky bucket
        • Anti-flooding in agent modules
      • Agent labels
        • How it works
        • Use case
      • System inventory
        • How it works
        • Available scans
        • Compatibility matrix
        • Use case: Visualize system inventory in the Wazuh app
      • Vulnerability detection
        • How it works
        • Compatibility matrix
        • Use case: Running a vulnerability scan
      • VirusTotal integration
        • About VirusTotal
        • How it works
      • Osquery
        • How it works
        • Configuration
        • Alert examples
      © 2021 · Wazuh Inc.