This is the documentation for Wazuh 3.7. Check out the docs for the latest version of Wazuh!


XML section name


Agentless monitoring allows you to run integrity checks on systems without an agent installed.



Default value n/a
Allowed values ssh_integrity_check_bsd

Requires a list of directories in <arguments>.

Wazuh will integrity scan the files in the specified directories.

The system will alert if these files have changed.


Supply an <arguments> value that consists of a set of commands to run.

Their output is then processed, looking for changes or rule matches.


Specifically for checking if the config of a Cisco PIX/router changes.

No <arguments> required.


Controls the number of seconds between each check of the agentless device.

Default value n/a
Allowed values An integer in seconds


Defines the username and the name of the agentless host.

Default value n/a
Allowed values Any username and host (username@hostname)


Determines whether the type of check is periodic or periodic_diff.

Default value n/a
Allowed values periodic Output from each check is analyzed with the Wazuh ruleset as if a monitored log.

Output from each agentless check is compared to the output of the previous run.

Changes are alerted on, similar to file integrity monitoring.


Defines the arguments passed to the agentless check.

Default value n/a
Allowed values This is a space-delimited list of files or directories to be monitored.

Sample configuration

  <arguments>/etc /usr/bin /usr/sbin</arguments>