Vulnerability detection

Vulnerabilities are security flaws in computer systems that threat actors can exploit to gain unauthorized access to these systems. After exploitation, malware and threat actors may be able to perform remote code execution, exfiltrate data, and carry out other malicious activities. Therefore, organizations must have strategies or security solutions that promptly detect vulnerabilities in their network before bad actors exploit them. Prompt detection and remediation of vulnerabilities in a network help to strengthen its overall security posture.

The Wazuh Vulnerability Detection module helps users discover vulnerabilities in the operating system and applications installed on the monitored endpoints. The module uses one of the following vulnerability sources:

  • Wazuh vulnerabilities repository in our Cyber Threat Intelligence (CTI) platform.

  • Offline local vulnerabilities repository.

To provide vulnerability information, we aggregate data from external vulnerability sources indexed by Canonical, Debian, Red Hat, Arch Linux, Amazon Linux Advisories Security (ALAS), Microsoft, and the National Vulnerability Database (NVD). We keep this information updated, ensuring the solution checks for the latest CVEs.