Vulnerability detection

Vulnerabilities are security flaws in a system, application, or network that threat actors can exploit to compromise confidentiality, integrity, or availability. When exploited, vulnerabilities may allow unauthorized access, remote code execution, data exfiltration, or system disruption. Therefore, organizations must implement a vulnerability management strategy to help minimize the attack surface and prevent exploitation by continuously identifying and remediating these security flaws. Timely detection and response to vulnerabilities are critical to ensuring a strong and resilient security posture.

Wazuh offers users a means to manage vulnerabilities within an IT infrastructure using the Vulnerability Detection module. The Wazuh Vulnerability Detection module helps users discover vulnerabilities in the operating system and applications installed on the monitored endpoints. The module functions using one of the following vulnerability sources:

  • Wazuh vulnerabilities repository in our Cyber Threat Intelligence (CTI) platform.

  • Offline vulnerabilities repository - a locally hosted copy of the Wazuh threat intelligence repository from the Wazuh CTI platform.

The Wazuh agent collects a list of installed applications (software inventory data) from monitored endpoints and sends it to the Wazuh server. The Vulnerability Detection module then correlates this software inventory data with vulnerability information obtained from the vulnerability repository.
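The following added example (not Wazuh's code) illustrates the correlation step described above: matching an endpoint's software inventory against vulnerability records by affected version range. The `Advisory` record layout, the placeholder IDs and package names, and the dotted-numeric version comparison are assumptions made for illustration; real package managers use richer version schemes.

```python
# Added illustration, not Wazuh code: record layout and version logic are assumptions.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    vuln_id: str            # constructed placeholder, not a real CVE
    package: str
    introduced: str         # first affected version (inclusive)
    fixed: "str | None"     # first fixed version (exclusive); None = unfixed

def version_key(version):
    """Numeric sort key for a dotted version, or None if it cannot be parsed."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:    # treat 2.4 and 2.4.0 as equal
        parts.pop()
    return tuple(parts)                         # ints, so 1.9.5 < 1.10.2

def is_affected(installed, adv):
    # Assumes the feed's own version strings are well formed.
    key = version_key(installed)
    if key < version_key(adv.introduced):
        return False
    return adv.fixed is None or key < version_key(adv.fixed)

def correlate(inventory, feed):
    """Return (findings, unparsed) for one endpoint's software inventory."""
    by_package = {}
    for adv in feed:
        by_package.setdefault(adv.package, []).append(adv)
    findings, unparsed = [], []
    for name, version in inventory:
        advisories = by_package.get(name, [])
        if advisories and version_key(version) is None:
            unparsed.append((name, version))    # flag for review, never "clean"
            continue
        findings += [(name, version, a.vuln_id)
                     for a in advisories if is_affected(version, a)]
    return findings, unparsed

# Constructed sample data (package names and IDs are placeholders).
FEED = [
    Advisory("EXAMPLE-VULN-0001", "examplelib", "1.0", "1.10.2"),
    Advisory("EXAMPLE-VULN-0002", "examplelib", "1.10", None),
    Advisory("EXAMPLE-VULN-0003", "demo-server", "2.0", "2.4"),
]
INVENTORY = [("examplelib", "1.9.5"), ("demo-server", "2.4.0"),
             ("demo-server-old", "2.1"), ("examplelib", "1.10.1-beta")]
```

Calling `correlate(INVENTORY, FEED)` reports one finding for `examplelib` 1.9.5 and lists the `1.10.1-beta` entry separately, because a version that cannot be compared should be reviewed rather than assumed unaffected.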