Wazuh agent

The Wazuh agent runs on the hosts that you want to monitor. It is multi-platform and provides the following capabilities:

  • Log and data collection

  • File integrity monitoring

  • Rootkit and malware detection

  • Security policy monitoring.

  • Configuration assessments

  • Software inventory

It communicates with the Wazuh manager, sending data in near real-time through an encrypted and authenticated channel.

The Wazuh agent has been developed taking into consideration the need for monitoring a great variety of different endpoints without impacting their performance. It is because of this that the Wazuh agent is supported in the most popular operating systems and only requires around 0.1 GB of RAM.

There are several options to install a Wazuh agent, depending on the operating system and whether you wish to build from source or not. Consult the table below and choose how to proceed for a given agent:

Operating system

Description

AIX installer

Install Wazuh agents on AIX.

HP-UX installer

Install Wazuh agents on HP-UX.

Linux installer

Install Wazuh agents on Linux.

macOS installer

Install Wazuh agents on macOS.

Solaris installer

Install Wazuh agents on Solaris.

Windows installer

Install Wazuh agents on Windows.

In each OS installer document, it is described how to deploy the agent using the deployment variables, which facilitates the task of deployment, registration, and configuration of the agent in a single command. The complete guide: Deployment variables.

On the other hand, deploying agents to a large number of servers or endpoints can be easier using automation tools like Puppet, Chef, SCCM or Ansible. Consider exploring these options if you are deploying Wazuh in a large environment.

Note

The compatibility between Wazuh agent and Wazuh manager is guaranteed when the Wazuh manager has a newer or equal version than the Wazuh agent.