Enrolling agents

Enrolling agents is the process of connecting your endpoints (servers, workstations, or cloud instances) to your Wazuh Cloud environment. Once enrolled, Wazuh agents begin forwarding security telemetry such as logs, vulnerabilities, and configuration data.

Deploying agent

To start using Wazuh, you need to install a Wazuh agent on your endpoint and enroll it in your environment.

Follow these steps to deploy an agent:

  1. Log into the Wazuh dashboard.

  2. Click the upper-left menu icon , expand Agents management and select Summary.

  3. Click Deploy new agent.

  4. Follow the steps outlined on the Deploy new agent page.

Enrolling an agent

Verifying agent enrollment

Once installed, the agent automatically attempts to connect to Wazuh Cloud. Verify the enrollment by following the below steps:

  1. Log into the Wazuh dashboard.

  2. Click the upper-left menu icon , expand Agents management and select Summary.

  3. The list of agents are displayed on the Summary page.

Verifying agent enrollment

Creating agent groups

Agent groups in Wazuh are used to organize and manage agents by grouping them based on criteria such as role, location, or system type. This allows for centralized management and tailored configuration, enabling you to apply rules, policies, and settings efficiently. New agents are automatically assigned to a default group called "default" if they are not placed in another group. Use the default group for basic monitoring first, then assign agents to more appropriate groups as needed.

To manage devices within your environment more efficiently, you can create groups and assign agents to these groups at the point of enrollment. Follow these steps to create groups on your dashboard:

  1. Log in to the Wazuh dashboard.

  2. Click the upper-left menu icon , expand Agents management and select Groups.

  3. Click Add new group on the upper right corner on the Groups page.

  4. Specify the group name and click Save new group.

Create agent group