The Wazuh agent is multi-platform and runs on the hosts that the user wants to monitor. It provides the following capabilities:
Log and data collection
File integrity monitoring
Rootkit and malware detection
Security policy monitoring.
The Wazuh agent communicates with Wazuh's manager, sending data in near real time through an encrypted and authenticated channel.
The agent was developed considering the need to monitor a wide variety of different endpoints without impacting their performance. It requires 35 MB of RAM on average. Therefore, it is supported on the most popular operating systems.
There are several options to install a Wazuh agent, depending on the operating system and whether you would like to build from source or not. Check the following table and choose how to proceed for a given agent:
Install Wazuh agents on AIX.
Install Wazuh agents on HP-UX.
Install Wazuh agents on Linux.
Install Wazuh agents on macOS.
Install Wazuh agents on Solaris.
Install Wazuh agents on Windows.
Each operating system installer document describes how to deploy the agent using the deployment variables, which facilitates the task of deploying, logging and configuring the agent in a single command. Check the complete guide in the deployment variables page.
If you are deploying Wazuh in a large environment, with a high number of servers or endpoints, keep in mind that this deployment may be easier using automation tools such as Puppet, Chef, SCCM or Ansible.
Compatibility between the Wazuh agent and the Wazuh manager is guaranteed when the Wazuh manager has a newer or equal version than the Wazuh agent.