Capabilities

In this section, you will find:

• A deeper explanation of how each capability works.
• Configuration options for specific capabilities.
• Frequently asked questions.
• Some practical examples.

If you find a problem, error or if you want to ask related questions, please contact us through our mailing list.

• Log data collection
  • How it works
  • How to collect Windows logs
  • Configuration
  • FAQ
• File integrity monitoring
  • How it works
  • Configuration
  • FAQ
• Auditing who-data
  • Auditing who-data in Linux
  • Auditing who-data in Windows
  • Manual configuration of the Local Audit Policies in Windows
• Anomaly and malware detection
  • How it works
  • Configuration
  • FAQ
• Security Configuration Assessment
  • Security Configuration Assessment
  • How it works
  • Use case: Getting an alert when a check changes its result value
• Monitoring security policies
  • Rootcheck
  • OpenSCAP
  • CIS-CAT integration
• Monitoring system calls
  • How it works
  • Configuration
• Command monitoring
  • How it works
  • Configuration
  • FAQ
• Active response
  • How it works
  • Configuration
  • FAQ
• Agentless monitoring
  • How it works
  • Configuration
  • FAQ
• Anti-flooding mechanism
  • Why an anti-flooding mechanism is needed
  • How it works: Leaky bucket
  • Use case: Leaky bucket
  • Anti-flooding in agent modules
• Agent labels
  • How it works
  • Use case
• System inventory
  • How it works
  • Available scans
  • Compatibility matrix
  • Using Syscollector information to trigger alerts
  • Use case: Visualize system inventory in the Wazuh app
• Vulnerability detection
  • How it works
  • Compatibility matrix
  • Use case: Running a vulnerability scan
• VirusTotal integration
  • About VirusTotal
  • How it works
• Osquery
  • How it works
  • Configuration
  • Alert examples
• Agent key polling
  • How it works
  • Input
  • Output
  • Example scripts