Wazuh
    • Getting started
      • Components
        • Wazuh indexer
        • Wazuh server
        • Wazuh dashboard
        • Wazuh agent
      • Architecture
      • Use cases
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Threat hunting
        • Log data analysis
        • Vulnerability detection
        • Incident response
        • Regulatory compliance
        • IT hygiene
        • Container security
        • Posture management
        • Cloud workload protection
    • Quickstart
    • Installation guide
      • Wazuh indexer
        • Assisted installation
        • Step-by-step installation
      • Wazuh server
        • Assisted installation
        • Step-by-step installation
      • Wazuh dashboard
        • Assisted installation
        • Step-by-step installation
      • Wazuh agent
        • Linux
        • Windows
        • macOS
        • Solaris
        • AIX
        • HP-UX
      • Packages list
      • Uninstalling Wazuh
        • Uninstalling the Wazuh central components
        • Uninstalling the Wazuh agent
    • Installation alternatives
      • Virtual machine (VM)
      • Amazon Machine Images (AMI)
      • Deployment on Docker
        • Wazuh Docker deployment
        • Changing the default password of Wazuh users
        • Building Docker images locally
        • Wazuh Docker utilities
        • Upgrading Wazuh Docker
        • Uninstalling the Wazuh Docker deployment
      • Deployment on Kubernetes
        • Kubernetes configuration
        • Deployment
        • Upgrade Wazuh installed in Kubernetes
        • Clean Up
      • Offline installation guide
        • Install Wazuh components using the assisted method
        • Install Wazuh components step by step
      • Installation from sources
        • Installing the Wazuh manager from sources
        • Installing the Wazuh agent from sources
      • Deployment with Ansible
        • Installation Guide
          • Install Ansible
          • Install Wazuh indexer and dashboard
          • Install Wazuh manager
          • Install a Wazuh cluster
          • Install Wazuh Agent
        • Remote endpoints connection
        • Roles
          • Wazuh indexer
          • Wazuh dashboard
          • Filebeat
          • Wazuh Manager
          • Wazuh Agent
        • Variables references
      • Deployment with Puppet
        • Set up Puppet
          • Installing Puppet master
          • Installing Puppet agent
          • Setting up Puppet certificates
        • Wazuh Puppet module
          • Wazuh manager class
          • Wazuh agent class
    • User manual
      • Wazuh server
        • Wazuh manager
        • Indexer integration
        • Alert management
        • Event logging
        • External API integration
        • Queuing mechanisms
      • Wazuh server cluster
        • Architecture overview
        • Types of nodes in a Wazuh server cluster
        • How the Wazuh server cluster works
        • Wazuh cluster nodes configuration
        • Data synchronization
        • Certificates deployment
        • Adding new Wazuh server nodes
          • Certificates creation
          • Configuring existing components to connect with the new node
          • Wazuh server node(s) installation
          • Testing the cluster
        • Agent connections
        • Load balancers
      • Wazuh server API
        • Getting started
        • Configuration
        • Securing the Wazuh server API
        • Role-Based Access Control
          • How it works
          • Authorization Context
          • RBAC Reference
        • Filtering data using Wazuh Query Language (WQL)
        • Use cases
        • Reference
      • Wazuh indexer
        • Wazuh indexer indices
        • Re-indexing
        • Wazuh indexer tuning
        • Migrating Wazuh indices
        • Wazuh indexer configuration on hardened endpoints
      • Wazuh indexer cluster
        • Certificates deployment
        • Adding Wazuh indexer nodes
        • Wazuh indexer cluster tuning
        • Index lifecycle management
        • Cluster management
      • Wazuh indexer API
        • Getting started
        • Configuration
        • Securing the Wazuh indexer API
        • Use cases
        • Reference
      • Wazuh dashboard
        • Navigating the Wazuh dashboard
        • Creating custom dashboards
        • Filtering data using Wazuh Query Language (WQL)
        • Enabling multi-tenancy
        • Configuring third-party SSL certificates
          • Configuring SSL certificates on the Wazuh dashboard using Let’s Encrypt
          • Configuring SSL certificates on the Wazuh dashboard using NGINX
        • Setting up custom branding
        • Wazuh dashboard settings
        • Wazuh global queries
        • Troubleshooting
        • Certificates deployment
      • Wazuh agent
        • Wazuh agent enrollment
          • Requirements
          • Wazuh agent life cycle
          • Enrollment methods
            • Enrollment via agent configuration
              • Linux/Unix
              • Windows
              • macOS
            • Enrollment via Wazuh server API
              • Requesting the client key
              • Importing the client key to the Wazuh agent
          • Additional security options
            • Using password authentication
            • Wazuh manager identity verification
            • Wazuh agent identity verification
          • Deployment variables
            • Linux
            • Windows
            • macOS
            • AIX
          • Troubleshooting
        • Wazuh agent management
          • Wazuh agent connection
          • Wazuh agent administration
            • Querying the Wazuh agent configuration
            • Grouping agents
            • Listing agents
              • Listing agents using the CLI
              • Listing agents using the Wazuh server API
              • Listing agents using the Wazuh dashboard
            • Anti-tampering
            • Removing agents
              • Remove agents using the CLI
              • Remove agents using the Wazuh server API
            • Remote upgrading
              • Upgrading the Wazuh agent
              • Wazuh signed package (WPK) files
              • Agent upgrade module - How it works
            • Wazuh agent queue
            • Agent labels
            • Agent key request
      • Data analysis
        • Decoders
          • JSON decoder
          • Dynamic fields
          • Sibling Decoders
          • Custom decoders
        • Rules
          • Default rules
          • Custom rules
          • Rules classification
        • Ruleset XML syntax
          • Decoders Syntax
          • Rules Syntax
          • Regular Expression Syntax
          • Perl-compatible Regular Expressions
        • Testing decoders and rules
        • Using CDB lists
        • MITRE ATT&CK framework
      • User administration
        • Password management
        • Wazuh RBAC - How to create and map internal users
        • Single sign-on
          • Setup single sign-on with administrator role
            • Okta
            • Microsoft Entra ID
            • PingOne
            • Google
            • Jumpcloud
            • OneLogin
            • Keycloak
          • Setup single sign-on with read-only role
            • Okta
            • Microsoft Entra ID
            • PingOne
            • Google
            • Jumpcloud
            • OneLogin
            • Keycloak
        • LDAP integration
      • Capabilities
        • File integrity monitoring
          • How it works
          • How to configure the FIM module
          • Interpreting the FIM module analysis
          • Basic settings
          • Creating custom FIM rules
          • Advanced settings
          • Use cases
            • Detecting malware persistence technique
            • Detecting account manipulation
            • Monitoring files at specific intervals
            • Reporting file changes
            • Monitoring configuration changes
          • Windows Registry monitoring
        • Malware detection
          • File integrity monitoring and threat detection rules
          • Rootkits behavior detection
          • CDB lists and threat intelligence
          • VirusTotal integration
          • File integrity monitoring and YARA
          • ClamAV logs collection
          • Windows Defender logs collection
          • Custom rules to detect malware IOC
        • Security Configuration Assessment
          • How SCA works
          • How to configure SCA
          • Available SCA policies
          • Creating custom SCA policies
          • Use cases
        • Active Response
          • How to configure Active Response
          • Default active response scripts
          • Custom active response scripts
          • Use cases
            • Blocking SSH brute-force attack with Active Response
            • Restarting the Wazuh agent with Active Response
            • Disabling a Linux user account with Active Response
          • Additional information
        • Log data collection
          • How it works
          • Configuration for monitoring log files
          • Configuring syslog on the Wazuh server
          • Journald log collection
          • Using multiple socket outputs
          • Configuring log collection for different operating systems
          • Log data analysis
          • Use cases
        • Vulnerability detection
          • How it works
          • Configuration
        • Command monitoring
          • How it works
          • Configuration
          • Command output analysis
          • Use cases
            • Monitoring running processes
            • Disk space utilization
            • Check if the output changed
            • Detect USB Storage
            • Load average
        • Container security
          • Using Wazuh to monitor Docker
          • Use cases
        • System inventory
          • How it works
          • Configuration
          • Viewing system inventory data
          • Generating system inventory reports
          • Available inventory fields
          • Compatibility matrix
          • Using Syscollector information to trigger alerts
          • Osquery
          • Use cases
        • Monitoring system calls
          • How it works
          • Configuration
          • Use cases
            • Monitoring file and directory access
            • Monitoring commands run as root
            • Privilege abuse
        • Agentless monitoring
          • How it works
          • Connection
          • Configuration
          • Visualization
          • Use cases
      • Reference
        • Local configuration (ossec.conf)
          • active-response
          • agentless
          • agent-upgrade
          • alerts
          • anti_tampering
          • auth
          • client
          • client_buffer
          • cluster
          • command
          • database_output
          • email_alerts
          • global
          • github
          • indexer
          • integration
          • labels
          • localfile
          • logging
          • ms-graph
          • office365
          • remote
          • reports
          • rootcheck
          • sca
          • rule_test
          • ruleset
          • socket
          • syscheck
          • syslog_output
          • task-manager
          • fluent-forward
          • gcp-pubsub
          • gcp-bucket
          • vulnerability-detection
          • wodle name="command"
          • wodle name="aws-s3"
          • wodle name="syscollector"
          • wazuh-db
          • wodle name="osquery"
          • wodle name="docker-listener"
          • wodle name="azure-logs"
          • wodle name="agent-key-polling"
          • Verifying configuration
        • Centralized configuration (agent.conf)
        • Internal configuration
        • Daemons
          • wazuh-agentd
          • wazuh-agentlessd
          • wazuh-analysisd
          • wazuh-authd
          • wazuh-csyslogd
          • wazuh-dbd
          • wazuh-execd
          • wazuh-logcollector
          • wazuh-maild
          • wazuh-monitord
          • wazuh-remoted
          • wazuh-reportd
          • wazuh-syscheckd
          • wazuh-clusterd
          • wazuh-modulesd
          • wazuh-db
          • Tables available for wazuh-db
          • wazuh-integratord
        • Tools
          • wazuh-control
          • agent-auth
          • agent_control
          • manage_agents
          • wazuh-logtest
          • clear_stats
          • wazuh-regex
          • rbac_control
          • update_ruleset
          • verify-agent-conf
          • agent_groups
          • agent_upgrade
          • cluster_control
          • fim_migrate
          • wazuh-keystore
        • Unattended Installation
        • Statistics files
          • wazuh-agentd.state
          • wazuh-remoted.state
          • wazuh-analysisd.state
          • wazuh-logcollector.state
    • Cloud security
      • Monitoring Amazon Web Services (AWS)
        • Monitoring AWS instances
        • Monitoring AWS based services
          • Prerequisites
            • Installing dependencies
            • Configuring an S3 Bucket
            • Configuring AWS IAM Identities
            • Configuring AWS policy
            • Configuring AWS credentials
            • Considerations for the Wazuh module for AWS configuration
          • Supported services
            • AWS CloudTrail
            • Amazon Virtual Private Cloud (VPC)
            • AWS Config
            • AWS Key Management Service (KMS)
            • Amazon Macie
            • AWS Trusted Advisor
            • Amazon GuardDuty
            • Amazon Web Application Firewall (WAF)
            • Amazon S3 Server Access
            • Amazon Inspector
            • Amazon CloudWatch Logs
            • Amazon ECR Image scanning
            • Cisco Umbrella
            • Elastic Load Balancers
              • Amazon Application Load Balancer (ALB)
              • Amazon Classic Load Balancer (CLB)
              • Amazon Network Load Balancer (NLB)
            • Amazon Security Lake
            • Custom Logs Buckets
            • AWS Security Hub
          • Troubleshooting
      • Monitoring Microsoft Azure with Wazuh
        • Monitoring instances
        • Monitoring Azure platform and services
        • Microsoft Azure Log Analytics
        • Microsoft Azure Storage
        • Microsoft Graph
        • Monitoring Microsoft Graph services with Wazuh
          • Microsoft Graph API setup
        • Microsoft Intune integration
      • Monitoring GitHub
        • Monitoring GitHub audit logs
      • Monitoring Google Cloud
        • Monitoring Google Cloud instances
        • Monitoring Google Cloud services
          • Prerequisites
            • Installing dependencies
            • Creating Google Cloud credentials
            • Gcloud Python script
            • Visualizing Google Cloud events on the Wazuh dashboard
          • Configuring the supported services
            • Monitoring Google Cloud Pub/Sub
              • Use cases
            • Monitoring Google Cloud Storage buckets
        • Cloud Security Posture Management
      • Monitoring Office 365
        • Monitoring Office 365 audit logs
    • Regulatory compliance
      • Using Wazuh for PCI DSS compliance
        • Log data analysis
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Vulnerability detection
        • Active Response
        • System inventory
        • Visualization and dashboard
      • Using Wazuh for GDPR compliance
        • GDPR II, Principles
        • GDPR III, Rights of the data subject
        • GDPR IV, Controller and processor
      • Using Wazuh for HIPAA compliance
        • Visualization and dashboard
        • Log data analysis
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Vulnerability detection
        • Active Response
      • Using Wazuh for NIST 800-53 compliance
        • Visualization and dashboard
        • Log data analysis
        • Security configuration assessment
        • Malware detection
        • File integrity monitoring
        • System inventory
        • Vulnerability detection
        • Active Response
        • Threat intelligence
      • Using Wazuh for TSC compliance
        • Common criteria 2.1
        • Common criteria 3.1
        • Common criteria 5.1
        • Common criteria 6.1
        • Common criteria 7.1
        • Common criteria 8.1
        • The additional criteria
          • Availability - A1.1
          • Processing integrity - PI1.4
    • Proof of Concept guide
      • Blocking a known malicious actor
      • File integrity monitoring
      • Detecting a brute-force attack
      • Monitoring Docker events
      • Monitoring AWS infrastructure
      • Detecting unauthorized processes
      • Network IDS integration
      • Detecting an SQL injection attack
      • Detecting suspicious binaries
      • Detecting and removing malware using VirusTotal integration
      • Vulnerability detection
      • Detecting malware using YARA integration
      • Detecting hidden processes
      • Monitoring execution of malicious commands
      • Detecting a Shellshock attack
      • Leveraging LLMs for alert enrichment
    • Upgrade guide
      • Wazuh central components
      • Wazuh agent
        • Linux
        • Windows
        • macOS
        • Solaris
        • AIX
        • HP-UX
      • Troubleshooting
    • Integrations guide
      • Elastic Stack integration
      • OpenSearch integration
      • Splunk integration
      • Amazon Security Lake integration
    • Backup guide
      • Creating a backup
        • Wazuh central components
        • Wazuh agent
      • Restoring Wazuh from backup
        • Wazuh central components
        • Wazuh agent
    • Wazuh Cloud service
      • Getting started
        • Sign up for a trial
        • Access the Wazuh dashboard
        • Enroll agents
        • Cloud service FAQ
      • Your environment
        • Authentication and authorization
        • Settings
        • Limits
        • Cancellation
        • Monitor usage
        • Forward syslog events
        • Agents without Internet access
        • SMTP configuration
        • Custom DNS
        • Technical FAQ
      • AI Analyst
      • Account and billing
        • Edit user settings
        • Manage your billing details
        • See your billing cycle and history
        • Update billing and operational contacts
        • Stop charges for an environment
        • Billing FAQ
      • Archive data
        • Configuration
        • Filename format
        • Access
      • Wazuh Cloud API
        • Authentication
        • Reference
      • CLI
      • Glossary
    • Development
      • Client keys file
      • Standard OSSEC message format
      • Makefile options
      • Wazuh cluster
      • Wazuh package generation
        • Virtual machine
        • Wazuh server
        • Wazuh indexer
        • Wazuh dashboard
        • Wazuh agent
      • Wazuh-Logtest
      • SELinux Wazuh context
      • RBAC database integrity
      • Configuring core dump generation
    • Release notes
      • 4.x
        • 4.14.0 Release notes
        • 4.13.1 Release notes
        • 4.13.0 Release notes
        • 4.12.0 Release notes
        • 4.11.2 Release notes
        • 4.11.1 Release notes
        • 4.11.0 Release notes
        • 4.10.3 Release notes
        • 4.10.2 Release notes
        • 4.10.1 Release notes
        • 4.10.0 Release notes
        • 4.9.2 Release notes
        • 4.9.1 Release notes
        • 4.9.0 Release notes
        • 4.8.2 Release notes
        • 4.8.1 Release notes
        • 4.8.0 Release notes
        • 4.7.5 Release notes
        • 4.7.4 Release notes
        • 4.7.3 Release notes
        • 4.7.2 Release notes
        • 4.7.1 Release notes
        • 4.7.0 Release notes
        • 4.6.0 Release notes
        • 4.5.4 Release notes
        • 4.5.3 Release notes
        • 4.5.2 Release notes
        • 4.5.1 Release notes
        • 4.5.0 Release notes
        • 4.4.5 Release notes
        • 4.4.4 Release notes
        • 4.4.3 Release notes
        • 4.4.2 Release notes
        • 4.4.1 Release notes
        • 4.4.0 Release notes
        • 4.3.11 Release notes
        • 4.3.10 Release notes
        • 4.3.9 Release notes
        • 4.3.8 Release notes
        • 4.3.7 Release notes
        • 4.3.6 Release notes
        • 4.3.5 Release notes
        • 4.3.4 Release notes
        • 4.3.3 Release notes
        • 4.3.2 Release notes
        • 4.3.1 Release notes
        • 4.3.0 Release notes
        • 4.2.7 Release notes
        • 4.2.6 Release notes
        • 4.2.5 Release notes
        • 4.2.4 Release notes
        • 4.2.3 Release notes
        • 4.2.2 Release notes
        • 4.2.1 Release notes
        • 4.2.0 Release notes
        • 4.1.5 Release notes
        • 4.1.4 Release notes
        • 4.1.3 Release notes
        • 4.1.2 Release notes
        • 4.1.1 Release notes
        • 4.1.0 Release notes
        • 4.0.4 Release notes
        • 4.0.3 Release notes
        • 4.0.2 Release notes
        • 4.0.1 Release notes
        • 4.0.0 Release notes
      • 3.x
        • 3.13.6 Release notes
        • 3.13.5 Release notes
        • 3.13.4 Release notes
        • 3.13.3 Release notes
        • 3.13.2 Release notes
        • 3.13.1 Release notes
        • 3.13.0 Release notes
        • 3.12.3 Release notes
        • 3.12.2 Release notes
        • 3.12.1 Release notes
        • 3.12.0 Release notes
        • 3.11.4 Release notes
        • 3.11.3 Release notes
        • 3.11.2 Release notes
        • 3.11.1 Release notes
        • 3.11.0 Release notes
        • 3.10.2 Release notes
        • 3.10.1 Release notes
        • 3.10.0 Release notes
        • 3.9.5 Release notes
        • 3.9.4 Release notes
        • 3.9.3 Release notes
        • 3.9.2 Release notes
        • 3.9.1 Release notes
        • 3.9.0 Release notes
        • 3.8.2 Release notes
        • 3.8.1 Release notes
        • 3.8.0 Release notes
        • 3.7.2 Release notes
        • 3.7.1 Release notes
        • 3.7.0 Release notes
        • 3.6.1 Release notes
        • 3.6.0 Release notes
        • 3.5.0 Release notes
        • 3.4.0 Release notes
        • 3.3.1 Release notes
        • 3.3.0 Release notes
        • 3.2.4 Release notes
        • 3.2.3 Release notes
        • 3.2.2 Release notes
        • 3.2.1 Release notes
        • 3.2.0 Release notes
        • 3.1.0 Release notes
        • 3.0.0 Release notes
      • 2.x
        • 2.1.0 Release notes
    © 2025 Wazuh Inc.