All the communications are performed through Wazuh agents once they are registered to the environment.
It is possible to get a new URL by opening a support ticket through the Help section on the Wazuh Cloud Console, but the previous URL is also kept.
When the selected indexed data capacity is reached, the oldest events will be automatically removed from your index regardless of the index data time. This data is available in archive data for you to access. See the Archive data section to learn more about data logging and storage.
It's possible to download the data from the archive data and re-index it into your local environments. However, it isn't possible to re-index it in your cloud environment.
You can upgrade or downgrade a setting by contacting the Wazuh team through the Help section of your Wazuh Cloud Console. See also Adjusting environment settings.
If the maximum number of active agents is reached, the environment may start to malfunction, causing instability with agent connections. While the system can tolerate temporarily exceeding the limit of active agents, appropriate measures will be taken if the situation persists.
If the data ingestion is exceeded, events start to queue. If the queue becomes full, Wazuh discards the incoming events, which might lead to event loss. The cloud service automatically manages the queuing mechanism, ensuring optimal resource usage.
SSH access is not allowed for security reasons. Environments are managed from the Wazuh Cloud Console and Wazuh WUI.
Wazuh takes care of the updates, so your environment gets the latest version of Wazuh with no downtime.
No, all the communications are performed through Wazuh agents once they are registered into the environment. However, you have alternative options. For more information on how to forward syslog events to your environment, see the Forward syslog events section.
No, all the communications are performed through Wazuh agents.
Yes, you can access the Wazuh WUI of your environment through your SSO tool. To perform this action, you need to contact the Wazuh Support team through the Help section of your Wazuh Cloud Console.
You have access to the Dev tools through your Wazuh dashboard, where you can use the API. The Wazuh API is not exposed, but you can contact the Wazuh team through the Help section of your Wazuh Cloud Console to allow Wazuh API access from a specific IP address.
The Wazuh indexer API is not accessible by default. If you want to access it, contact the Wazuh team through the Help section of your Wazuh Cloud Console to authorize the connection from a specific IP address. After authorization is granted, you have access to the
GET methods of the Wazuh indexer API.
You can download your data from archive data. Then, you can push it to other solutions or Security Operations Center (SOC).
When selecting a region to host your environment, if you are not sure which one is the best option for you, select one that is the closest to your location since this typically reduces latency for indexing and search requests.