Wazuh agent
The Wazuh agent is multi-platform and runs on the endpoints that the user wants to monitor. It communicates with the Wazuh server, sending data in near real-time through an encrypted and authenticated channel.
The agent was developed considering the need to monitor a wide variety of different endpoints without impacting their performance. It is supported on the most popular operating systems, and it requires 35 MB of RAM on average.
The Wazuh agent provides key features to enhance your system’s security.
Log collector |
Command execution |
File integrity monitoring (FIM) |
Security configuration assessment (SCA) |
System inventory |
Malware detection |
Active response |
Container security |
Cloud security |
To install a Wazuh agent, select your operating system and follow the instructions.
If you are deploying Wazuh in a large environment, with a high number of servers or endpoints, keep in mind that this deployment might be easier using automation tools such as Puppet, Chef, SCCM, or Ansible.
Note
Compatibility between the Wazuh agent and the Wazuh manager is guaranteed when the Wazuh manager version is later than or equal to that of the Wazuh agent.
You can also deploy a new agent following the instructions in the Wazuh dashboard. Go to Endpoints Summary, and click on Deploy new agent.
Then the Wazuh dashboard will show you the steps to deploy a new agent.