Wazuh server

The Wazuh server is the Wazuh central component that analyzes data it receives from agents, external APIs, and network devices. It analyzes the received data by correlating and matching it against a predefined ruleset to generate alerts for security monitoring and management.

The Wazuh server comprises two main components; the Wazuh manager and Filebeat. The Wazuh manager is responsible for data analysis and alerting, while the indexer integration forwards the analyzed data to the Wazuh indexer. Refer to the Wazuh server installation documentation for information on how to install and set it up.