This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!

Active response

Although active response is not explicitly discussed in PCI DSS, it is important to mention that an automated remediation to security violations and threats is a powerful tool that reduces your risk.

Active response allows a scripted action to be performed whenever an event matches certain rules in your Wazuh ruleset. Remedial action could be a firewall block or drop, traffic shaping or throttling, account lockout, etc…