• Blog
  • Community
  • Contact us
  • X
  • LinkedIn
  • Reddit
  • GitHub
  • Discord
  • Slack
  • Mailing list
Wazuh
  • Platform
    • Overview
    • XDR
    • SIEM
  • Cloud
  • CTI
  • Documentation
  • Services
    • Professional support
    • Consulting services
    • Training courses
  • Partners
    • Become a partner
    • Find a partner
  • Company
    • Customers
    • About us
    • Our team
    • Resources
    Search now!
    • Getting started
      • Components
        • Wazuh indexer
        • Wazuh server
        • Wazuh dashboard
        • Wazuh agent
      • Architecture
      • Use cases
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Threat hunting
        • Log data analysis
        • Vulnerability detection
        • Incident response
        • Regulatory compliance
        • IT hygiene
        • Container security
        • Posture management
        • Cloud workload protection
    • Quickstart
    • Installation guide
      • Wazuh indexer
        • Assisted installation
        • Step-by-step installation
      • Wazuh server
        • Assisted installation
        • Step-by-step installation
      • Wazuh dashboard
        • Assisted installation
        • Step-by-step installation
      • Wazuh agent
        • Linux
        • Windows
        • macOS
        • Solaris
        • AIX
        • HP-UX
      • Packages list
      • Uninstalling Wazuh
        • Uninstalling the Wazuh central components
        • Uninstalling the Wazuh agent
    • Installation alternatives
      • Virtual Machine (OVA)
      • Amazon Machine Images (AMI)
      • Deployment on Docker
        • Docker installation
        • Wazuh Docker deployment
        • Wazuh Docker utilities
        • Upgrading Wazuh Docker
        • FAQ
      • Deployment on Kubernetes
        • Kubernetes configuration
        • Deployment
        • Upgrade Wazuh installed in Kubernetes
        • Clean Up
      • Offline installation
        • Install Wazuh components using the assistant
        • Install Wazuh components step by step
      • Installation from sources
        • Installing the Wazuh manager from sources
        • Installing the Wazuh agent from sources
      • Deployment with Ansible
        • Installation Guide
          • Install Ansible
          • Install Wazuh indexer and dashboard
          • Install Wazuh manager
          • Install a Wazuh cluster
          • Install Wazuh Agent
        • Remote endpoints connection
        • Roles
          • Wazuh indexer
          • Wazuh dashboard
          • Filebeat
          • Wazuh Manager
          • Wazuh Agent
        • Variables references
      • Deployment with Puppet
        • Set up Puppet
          • Installing Puppet master
          • Installing Puppet agent
          • Setting up Puppet certificates
        • Wazuh Puppet module
          • Wazuh manager class
          • Wazuh agent class
    • User manual
      • Wazuh server
        • Wazuh manager
        • Indexer integration
        • Alert management
        • Event logging
        • External API integration
        • Queuing mechanisms
      • Wazuh server cluster
        • Architecture overview
        • Types of nodes in a Wazuh server cluster
        • How the Wazuh server cluster works
        • Wazuh cluster nodes configuration
        • Data synchronization
        • Certificates deployment
        • Adding new Wazuh server nodes
          • Certificates creation
          • Configuring existing components to connect with the new node
          • Wazuh server node(s) installation
          • Testing the cluster
        • Agent connections
        • Load balancers
      • Wazuh server API
        • Getting started
        • Configuration
        • Securing the Wazuh server API
        • Role-Based Access Control
          • How it works
          • Authorization Context
          • RBAC Reference
        • Filtering data using Wazuh Query Language (WQL)
        • Use cases
        • Reference
      • Wazuh indexer
        • Wazuh indexer indices
        • Re-indexing
        • Wazuh indexer tuning
        • Migrating Wazuh indices
      • Wazuh indexer cluster
        • Certificates deployment
        • Adding Wazuh indexer nodes
        • Wazuh indexer cluster tuning
        • Index lifecycle management
        • Cluster management
      • Wazuh indexer API
        • Getting started
        • Configuration
        • Securing the Wazuh indexer API
        • Use cases
      • Wazuh dashboard
        • Navigating the Wazuh dashboard
        • Creating custom dashboards
        • Filtering data using Wazuh Query Language (WQL)
        • Enabling multi-tenancy
        • Configuring third-party SSL certificates
          • Configuring SSL certificates on the Wazuh dashboard using Let’s Encrypt
          • Configuring SSL certificates on the Wazuh dashboard using NGINX
        • Setting up custom branding
        • Wazuh dashboard settings
        • Troubleshooting
        • Certificates deployment
      • Wazuh agent
        • Wazuh agent enrollment
          • Requirements
          • Wazuh agent life cycle
          • Enrollment methods
            • Enrollment via agent configuration
              • Linux/Unix
              • Windows
              • macOS
            • Enrollment via Wazuh server API
              • Requesting the client key
              • Importing the client key to the Wazuh agent
          • Additional security options
            • Using password authentication
            • Wazuh manager identity verification
            • Wazuh agent identity verification
          • Deployment variables
            • Linux
            • Windows
            • macOS
            • AIX
          • Troubleshooting
        • Wazuh agent management
          • Wazuh agent connection
          • Wazuh agent administration
            • Querying the Wazuh agent configuration
            • Grouping agents
            • Listing agents
              • Listing agents using the CLI
              • Listing agents using the Wazuh server API
              • Listing agents using the Wazuh dashboard
            • Anti-tampering
            • Removing agents
              • Remove agents using the CLI
              • Remove agents using the Wazuh server API
            • Remote upgrading
              • Upgrading the Wazuh agent
              • Wazuh signed package (WPK) files
              • Agent upgrade module
            • Wazuh agent queue
            • Agent labels
            • Agent key request
      • Data analysis
        • Decoders
          • JSON decoder
          • Dynamic fields
          • Sibling Decoders
          • Custom decoders
        • Rules
          • Default rules
          • Custom rules
          • Rules classification
        • Ruleset XML syntax
          • Decoders Syntax
          • Rules Syntax
          • Regular Expression Syntax
          • Perl-compatible Regular Expressions
        • Testing decoders and rules
        • Using CDB lists
        • MITRE ATT&CK framework
      • User administration
        • Password management
        • Wazuh RBAC - How to create and map internal users
        • Single sign-on
          • Setup single sign-on with administrator role
            • Okta
            • Microsoft Entra ID
            • PingOne
            • Google
            • Jumpcloud
            • OneLogin
            • Keycloak
          • Setup single sign-on with read-only role
            • Okta
            • Microsoft Entra ID
            • PingOne
            • Google
            • Jumpcloud
            • OneLogin
            • Keycloak
        • LDAP integration
      • Capabilities
        • File integrity monitoring
          • How it works
          • How to configure the FIM module
          • Interpreting the FIM module analysis
          • Basic settings
          • Creating custom FIM rules
          • Advanced settings
          • Use cases
            • Detecting malware persistence technique
            • Detecting account manipulation
            • Monitoring files at specific intervals
            • Reporting file changes
            • Monitoring configuration changes
          • Windows Registry monitoring
        • Malware detection
          • File integrity monitoring and threat detection rules
          • Rootkits behavior detection
          • CDB lists and threat intelligence
          • VirusTotal integration
          • File integrity monitoring and YARA
          • ClamAV logs collection
          • Windows Defender logs collection
          • Custom rules to detect malware IOC
        • Security Configuration Assessment
          • How SCA works
          • How to configure SCA
          • Available SCA policies
          • Creating custom SCA policies
          • Use cases
        • Active Response
          • How to configure Active Response
          • Default active response scripts
          • Custom active response scripts
          • Use cases
            • Blocking SSH brute-force attack with Active Response
            • Restarting the Wazuh agent with Active Response
            • Disabling a Linux user account with Active Response
          • Additional information
        • Log data collection
          • How it works
          • Configuration for monitoring log files
          • Configuring syslog on the Wazuh server
          • Journald log collection
          • Using multiple socket outputs
          • Configuring log collection for different operating systems
          • Log data analysis
          • Use cases
        • Vulnerability detection
          • How it works
          • Configuring vulnerability detection
          • Offline Update
          • Troubleshooting
            • Frequently Asked Questions (FAQs)
            • Known issues
        • Command monitoring
          • How it works
          • Configuration
          • Command output analysis
          • Use cases
            • Monitoring running processes
            • Disk space utilization
            • Check if the output changed
            • Detect USB Storage
            • Load average
        • Container security
          • Using Wazuh to monitor Docker
          • Use cases
        • System inventory
          • How it works
          • Configuration
          • Viewing system inventory data
          • Generating system inventory reports
          • Available inventory fields
          • Compatibility matrix
          • Using Syscollector information to trigger alerts
          • Osquery
        • Monitoring system calls
          • How it works
          • Configuration
          • Use cases
            • Monitoring file and directory access
            • Monitoring commands run as root
            • Privilege abuse
        • Agentless monitoring
          • How it works
          • Connection
          • Configuration
          • Visualization
          • Use cases
      • Reference
        • Local configuration (ossec.conf)
          • active-response
          • agentless
          • agent-upgrade
          • alerts
          • anti_tampering
          • auth
          • client
          • client_buffer
          • cluster
          • command
          • database_output
          • email_alerts
          • global
          • github
          • indexer
          • integration
          • labels
          • localfile
          • logging
          • ms-graph
          • office365
          • remote
          • reports
          • rootcheck
          • sca
          • rule_test
          • ruleset
          • socket
          • syscheck
          • syslog_output
          • task-manager
          • fluent-forward
          • gcp-pubsub
          • gcp-bucket
          • vulnerability-detection
          • wodle name="command"
          • wodle name="aws-s3"
          • wodle name="syscollector"
          • wazuh-db
          • wodle name="osquery"
          • wodle name="docker-listener"
          • wodle name="azure-logs"
          • wodle name="agent-key-polling"
          • Verifying configuration
        • Centralized configuration (agent.conf)
        • Internal configuration
        • Daemons
          • wazuh-agentd
          • wazuh-agentlessd
          • wazuh-analysisd
          • wazuh-authd
          • wazuh-csyslogd
          • wazuh-dbd
          • wazuh-execd
          • wazuh-logcollector
          • wazuh-maild
          • wazuh-monitord
          • wazuh-remoted
          • wazuh-reportd
          • wazuh-syscheckd
          • wazuh-clusterd
          • wazuh-modulesd
          • wazuh-db
          • Tables available for wazuh-db
          • wazuh-integratord
        • Tools
          • agent-auth
          • agent_control
          • manage_agents
          • wazuh-control
          • wazuh-logtest
          • clear_stats
          • wazuh-regex
          • rbac_control
          • update_ruleset
          • verify-agent-conf
          • agent_groups
          • agent_upgrade
          • cluster_control
          • fim_migrate
          • wazuh-keystore
        • Unattended Installation
        • Statistics files
          • wazuh-agentd.state
          • wazuh-remoted.state
          • wazuh-analysisd.state
          • wazuh-logcollector.state
    • Cloud security
      • Monitoring Amazon Web Services (AWS)
        • Monitoring AWS instances
        • Monitoring AWS based services
          • Prerequisites
            • Installing dependencies
            • Configuring an S3 Bucket
            • Configuring AWS IAM Identities
            • Configuring AWS policy
            • Configuring AWS credentials
            • Considerations for the Wazuh module for AWS configuration
          • Supported services
            • AWS CloudTrail
            • Amazon Virtual Private Cloud (VPC)
            • AWS Config
            • AWS Key Management Service (KMS)
            • Amazon Macie
            • AWS Trusted Advisor
            • Amazon GuardDuty
            • Amazon Web Application Firewall (WAF)
            • Amazon S3 Server Access
            • Amazon Inspector Classic
            • Amazon CloudWatch Logs
            • Amazon ECR Image scanning
            • Cisco Umbrella
            • Elastic Load Balancers
              • Amazon Application Load Balancer (ALB)
              • Amazon Classic Load Balancer (CLB)
              • Amazon Network Load Balancer (NLB)
            • Amazon Security Lake
            • Custom Logs Buckets
            • AWS Security Hub
          • Troubleshooting
      • Monitoring Microsoft Azure with Wazuh
        • Monitoring instances
        • Monitoring Azure platform and services
        • Microsoft Azure Log Analytics
        • Microsoft Azure Storage
        • Microsoft Graph
        • Monitoring Microsoft Graph services with Wazuh
          • Microsoft Graph API setup
        • Microsoft Intune integration
      • Monitoring GitHub
        • Monitoring GitHub audit logs
      • Monitoring Google Cloud
        • Monitoring Google Cloud instances
        • Monitoring Google Cloud services
          • Prerequisites
            • Installing dependencies
            • Creating Google Cloud credentials
            • Gcloud Python script
            • Visualizing Google Cloud events on the Wazuh dashboard
          • Configuring the supported services
            • Monitoring Google Cloud Pub/Sub
              • Use cases
            • Monitoring Google Cloud Storage buckets
        • Cloud Security Posture Management
      • Monitoring Office 365
        • Monitoring Office 365 audit logs
    • Regulatory compliance
      • Using Wazuh for PCI DSS compliance
        • Log data analysis
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Vulnerability detection
        • Active Response
        • System inventory
        • Visualization and dashboard
      • Using Wazuh for GDPR compliance
        • GDPR II, Principles <gdpr_II>
        • GDPR III, Rights of the data subject <gdpr_III>
        • GDPR IV, Controller and processor <gdpr_IV>
      • Using Wazuh for HIPAA compliance
        • Visualization and dashboard
        • Log data analysis
        • Configuration assessment
        • Malware detection
        • File integrity monitoring
        • Vulnerability detection
        • Active Response
      • Using Wazuh for NIST 800-53 compliance
        • Visualization and dashboard
        • Log data analysis
        • Security configuration assessment
        • Malware detection
        • File integrity monitoring
        • System inventory
        • Vulnerability detection
        • Active Response
        • Threat intelligence
      • Using Wazuh for TSC compliance
        • Common criteria 2.1
        • Common criteria 3.1
        • Common criteria 5.1
        • Common criteria 6.1
        • Common criteria 7.1
        • Common criteria 8.1
        • The additional criteria
          • Availability - A1.1
          • Processing integrity - PI1.4
    • Proof of Concept guide
      • Blocking a known malicious actor
      • File integrity monitoring
      • Detecting a brute-force attack
      • Monitoring Docker events
      • Monitoring AWS infrastructure
      • Detecting unauthorized processes
      • Network IDS integration
      • Detecting an SQL injection attack
      • Detecting suspicious binaries
      • Detecting and removing malware using VirusTotal integration
      • Vulnerability detection
      • Detecting malware using YARA integration
      • Detecting hidden processes
      • Monitoring execution of malicious commands
      • Detecting a Shellshock attack
      • Leveraging LLMs for alert enrichment
    • Upgrade guide
      • Wazuh central components
      • Wazuh agent
        • Linux
        • Windows
        • macOS
        • Solaris
        • AIX
        • HP-UX
      • Troubleshooting
    • Integrations guide
      • Elastic Stack integration
      • OpenSearch integration
      • Splunk integration
      • Amazon Security Lake integration
    • Backup guide
      • Creating a backup
        • Wazuh central components
        • Wazuh agent
      • Restoring Wazuh from backup
        • Wazuh central components
        • Wazuh agent
    • Wazuh Cloud service
      • Getting started
        • Sign up for a trial
        • Access the Wazuh dashboard
        • Enroll agents
        • Cloud service FAQ
      • Your environment
        • Authentication and authorization
        • Settings
        • Limits
        • Cancellation
        • Monitor usage
        • Forward syslog events
        • Agents without Internet access
        • SMTP configuration
        • Custom DNS
        • Technical FAQ
      • Account and billing
        • Edit user settings
        • Manage your billing details
        • See your billing cycle and history
        • Update billing and operational contacts
        • Stop charges for an environment
        • Billing FAQ
      • Archive data
        • Configuration
        • Filename format
        • Access
      • Wazuh Cloud API
        • Authentication
        • Reference
      • CLI
      • Glossary
    • Development
      • Client keys file
      • Standard OSSEC message format
      • Makefile options
      • Wazuh cluster
      • Wazuh packages generation guide
        • AIX agent
        • Linux manager/agent
        • HPUX agent
        • macOS agent
        • Solaris agent
        • Virtual machine
        • Windows agent
        • WPK
        • Wazuh dashboard
        • Wazuh indexer
      • Wazuh-Logtest
      • SELinux Wazuh context
      • RBAC database integrity
      • Configuring core dump generation
    • Release notes
      • 4.x
        • 4.12.0 Release notes
        • 4.11.2 Release notes
        • 4.11.1 Release notes
        • 4.11.0 Release notes
        • 4.10.1 Release notes
        • 4.10.0 Release notes
        • 4.9.2 Release notes
        • 4.9.1 Release notes
        • 4.9.0 Release notes
        • 4.8.2 Release notes
        • 4.8.1 Release notes
        • 4.8.0 Release notes
        • 4.7.5 Release notes
        • 4.7.4 Release notes
        • 4.7.3 Release notes
        • 4.7.2 Release notes
        • 4.7.1 Release notes
        • 4.7.0 Release notes
        • 4.6.0 Release notes
        • 4.5.4 Release notes
        • 4.5.3 Release notes
        • 4.5.2 Release notes
        • 4.5.1 Release notes
        • 4.5.0 Release notes
        • 4.4.5 Release notes
        • 4.4.4 Release notes
        • 4.4.3 Release notes
        • 4.4.2 Release notes
        • 4.4.1 Release notes
        • 4.4.0 Release notes
        • 4.3.11 Release notes
        • 4.3.10 Release notes
        • 4.3.9 Release notes
        • 4.3.8 Release notes
        • 4.3.7 Release notes
        • 4.3.6 Release notes
        • 4.3.5 Release notes
        • 4.3.4 Release notes
        • 4.3.3 Release notes
        • 4.3.2 Release notes
        • 4.3.1 Release notes
        • 4.3.0 Release notes
        • 4.2.7 Release notes
        • 4.2.6 Release notes
        • 4.2.5 Release notes
        • 4.2.4 Release notes
        • 4.2.3 Release notes
        • 4.2.2 Release notes
        • 4.2.1 Release notes
        • 4.2.0 Release notes
        • 4.1.5 Release notes
        • 4.1.4 Release notes
        • 4.1.3 Release notes
        • 4.1.2 Release notes
        • 4.1.1 Release notes
        • 4.1.0 Release notes
        • 4.0.4 Release notes
        • 4.0.3 Release notes
        • 4.0.2 Release notes
        • 4.0.1 Release notes
        • 4.0.0 Release notes
      • 3.x
        • 3.13.6 Release notes
        • 3.13.5 Release notes
        • 3.13.4 Release notes
        • 3.13.3 Release notes
        • 3.13.2 Release notes
        • 3.13.1 Release notes
        • 3.13.0 Release notes
        • 3.12.3 Release notes
        • 3.12.2 Release notes
        • 3.12.1 Release notes
        • 3.12.0 Release notes
        • 3.11.4 Release notes
        • 3.11.3 Release notes
        • 3.11.2 Release notes
        • 3.11.1 Release notes
        • 3.11.0 Release notes
        • 3.10.2 Release notes
        • 3.10.1 Release notes
        • 3.10.0 Release notes
        • 3.9.5 Release notes
        • 3.9.4 Release notes
        • 3.9.3 Release notes
        • 3.9.2 Release notes
        • 3.9.1 Release notes
        • 3.9.0 Release notes
        • 3.8.2 Release notes
        • 3.8.1 Release notes
        • 3.8.0 Release notes
        • 3.7.2 Release notes
        • 3.7.1 Release notes
        • 3.7.0 Release notes
        • 3.6.1 Release notes
        • 3.6.0 Release notes
        • 3.5.0 Release notes
        • 3.4.0 Release notes
        • 3.3.1 Release notes
        • 3.3.0 Release notes
        • 3.2.4 Release notes
        • 3.2.3 Release notes
        • 3.2.2 Release notes
        • 3.2.1 Release notes
        • 3.2.0 Release notes
        • 3.1.0 Release notes
        • 3.0.0 Release notes
      • 2.x
        • 2.1.0 Release notes
    • User manual
    • Wazuh dashboard
    • Navigating the Wazuh dashboard

    Navigating the Wazuh dashboard

    Dashboards

    The Wazuh dashboard is designed to provide an overview of security-related incidents and activities in your environment in real-time. The Wazuh dashboard aggregates and visualizes data from different sources, enabling administrators and security analysts to identify and respond to potential threats. It features a user-friendly interface that displays dashboards for endpoint security, threat intelligence, security operations and cloud security. It also shows the summary for the connected or disconnected Wazuh agents, and highlights the severity levels of alerts triggered within the last 24 hours.

    Navigating the Wazuh dashboard: Dashboards

    Endpoint security

    This section shows dashboards for:

    • Configuration Assessment

    • Malware Detection

    • File Integrity Monitoring

    Navigating the Wazuh dashboard: Endpoint security

    Threat intelligence

    This section shows dashboards for:

    • Threat Hunting

    • Vulnerability Detection

    • MITRE ATT&CK

    • VirusTotal

    Navigating the Wazuh dashboard: Threat intelligence

    Security operations

    This section shows the dashboards for regulatory standards including:

    • PCI DSS

    • GDPR

    • HIPAA

    • NIST 800-53

    • TSC

    Navigating the Wazuh dashboard: Security operations

    Cloud security

    This section shows dashboards for:

    • Docker

    • Amazon Web Services

    • Google Cloud

    • GitHub

    • Office 365

    Navigating the Wazuh dashboard: Cloud security

    Agents management

    Wazuh agents management offers options for managing agents, agent groups, and agent configurations.

    Navigating the Wazuh dashboard: Agents management

    Summary

    This section shows details of monitored endpoints and options for deploying Wazuh agents.

    Navigating the Wazuh dashboard: Agents management summary

    Endpoint Groups

    Users can view existing groups, create new endpoint groups, and organize endpoints based on these groups.

    Navigating the Wazuh dashboard: Endpoint Groups

    Server management

    Wazuh server management offers options for managing rules, decoders, CDB lists, clusters, security configurations such as user, roles, policies and more.

    Navigating the Wazuh dashboard: Server management

    Rules

    The Rules section allows users to query existing rules using Wazuh Query Language and manage custom rules.

    Navigating the Wazuh dashboard: Rules

    Decoders

    The Decoders section allows users to query existing decoders using Wazuh Query Language and manage custom decoders.

    Navigating the Wazuh dashboard: Decoders

    Constant Database (CDB) lists

    A CDB list is a text file you can use to save a list of users, file hashes, IP addresses, and domain names. CDB lists can act as either allow or deny lists. You can learn more about CDB lists in the documentation.

    Navigating the Wazuh dashboard: CDB lists

    Status

    Users can view the status of different Wazuh daemons, the overall Wazuh agent status, Wazuh manager information, and more.

    Navigating the Wazuh dashboard: Status

    Cluster

    The Cluster section shows the information about your Wazuh cluster.

    Navigating the Wazuh dashboard: Cluster

    Statistics

    Statistics of the Listener Engine and Analysis Engine of the Wazuh server are visible in this section.

    Navigating the Wazuh dashboard: Statistics

    Logs

    Logs stored in /var/ossec/logs/ossec.log in the Wazuh manager are shown in the section below.

    Navigating the Wazuh dashboard: Logs

    Settings

    Users can modify the Wazuh server configuration file located at /var/ossec/etc/ossec.conf from the Wazuh dashboard.

    Navigating the Wazuh dashboard: Settings

    Dev Tools

    Users can make API calls to extract detailed information about security events, Wazuh agents, inventory, vulnerabilities, and more.

    Navigating the Wazuh dashboard: Dev tools

    Ruleset Test

    The Ruleset Test option allows users to test Wazuh rules from the Wazuh dashboard.

    Navigating the Wazuh dashboard: Ruleset Test

    Security

    This section includes the configurations for managing the internal users in Wazuh. It is available.

    Navigating the Wazuh dashboard: Security: Users

    The Roles tab shows the existing roles alongside the Policies assigned to those roles. It also includes the option for creating users.

    Navigating the Wazuh dashboard: Security: Roles

    The Policies tab shows the policies that define the actions that can be performed by the internal users. These policies are assigned to Roles.

    Navigating the Wazuh dashboard: Security: Policies

    The Roles mapping tab presents users with the option to assign different roles and policies to internal users.

    Navigating the Wazuh dashboard: Security: Roles mapping

    Index management

    The Wazuh indexer is a real-time, full-text search and analytics engine for security data. Log data ingested into the Wazuh server is analyzed and forwarded to the Wazuh indexer for indexing and storage.

    Navigating the Wazuh dashboard: Index management

    Index and Snapshot Management

    The Wazuh indexer management menu provides a graphical user interface for managing your Wazuh indexers, snapshots, and the security of who or what has access to them. Please see the Wazuh indexer documentation to find out more.

    Navigating the Wazuh dashboard: Index and snapshot management

    Security

    This section includes the configuration for access to Wazuh resources based on the roles and permissions assigned to the users. Please see the Wazuh RBAC documentation to find out more.

    Navigating the Wazuh dashboard: Security

    Sample Data

    This section gives you the option of adding sample data to any of the listed modules. These data can be seen on the module dashboard, giving you insight into how these modules can be utilized to your benefit.

    Navigating the Wazuh dashboard: Sample data

    Dev Tools

    This section allows you to make API queries for Wazuh indexer operations, such as cluster management, exploring indexer data, debugging errors, and more.

    Navigating the Wazuh dashboard: Dev tools

    Dashboard management

    Dashboard Management

    The Wazuh Dashboard Management section includes the options for creating and managing your index patterns, saved objects, and advanced settings you can make to your Wazuh dashboard.

    Navigating the Wazuh dashboard: Dashboards management

    Reporting

    The reporting section shows your generated reports.

    Navigating the Wazuh dashboard: Reporting

    Server APIs

    In this section, you can list all your inserted API credentials. Each entry has multiple available actions to manage it. Remember that a functional API is needed to add or edit an entry. Check your API connection status before adding them to the Wazuh dashboard.

    Navigating the Wazuh dashboard: API connections

    Users can also receive notifications when a new Wazuh update is available, with the option to dismiss these notifications. You can opt out of future alerts by checking the Disable updates notifications option.

    App Settings

    The Configuration tab gives a quick look at the Wazuh dashboard configuration file. It also allows the user to modify the Wazuh dashboard settings. The documentation for the /usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml file can be found in the Wazuh dashboard settings section.

    Navigating the Wazuh dashboard: App settings - Configuration

    From the Miscellaneous tab, you can run a health check on the Wazuh components.

    Navigating the Wazuh dashboard: App settings - Miscellaneous

    About

    This section provides information about your currently installed Wazuh dashboard package, such as version, revision, and installation date. If you want to discover what's new on each release, you can go to our Changelog file to check it out.

    Navigating the Wazuh dashboard: About
    Wazuh dashboard Creating custom dashboards
    On this page
    • Navigating the Wazuh dashboard
      • Dashboards
        • Endpoint security
        • Threat intelligence
        • Security operations
        • Cloud security
      • Agents management
        • Summary
        • Endpoint Groups
      • Server management
        • Rules
        • Decoders
        • Constant Database (CDB) lists
        • Status
        • Cluster
        • Statistics
        • Logs
        • Settings
        • Dev Tools
        • Ruleset Test
        • Security
      • Index management
        • Index and Snapshot Management
        • Security
        • Sample Data
        • Dev Tools
      • Dashboard management
        • Dashboard Management
        • Reporting
        • Server APIs
        • App Settings
        • About
    Explore
    • Overview
    • XDR
    • SIEM
    Services
    • Wazuh Cloud
    • Professional support
    • Consulting services
    • Training courses
    Company
    • About us
    • Customers
    • Partners
    Documentation
    • Quickstart
    • Getting started
    • Installation guide
    Resources
    • Blog
    • Community
    • Legal
    © 2025 Wazuh Inc.
    Contact us
    +1 (844) 349 2984
    • X
    • LinkedIn
    • Reddit
    • GitHub
    • Discord
    • Slack
    • Mailing list
    Navigating the Wazuh dashboard: Dashboards
    Next image
    Navigating the Wazuh dashboard: Dashboards
    Image 1 of 34
    Navigating the Wazuh dashboard: Endpoint security
    Previous image
    Next image
    Navigating the Wazuh dashboard: Endpoint security
    Image 2 of 34
    Navigating the Wazuh dashboard: Threat intelligence
    Previous image
    Next image
    Navigating the Wazuh dashboard: Threat intelligence
    Image 3 of 34
    Navigating the Wazuh dashboard: Security operations
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security operations
    Image 4 of 34
    Navigating the Wazuh dashboard: Cloud security
    Previous image
    Next image
    Navigating the Wazuh dashboard: Cloud security
    Image 5 of 34
    Navigating the Wazuh dashboard: Agents management
    Previous image
    Next image
    Navigating the Wazuh dashboard: Agents management
    Image 6 of 34
    Navigating the Wazuh dashboard: Agents management summary
    Previous image
    Next image
    Navigating the Wazuh dashboard: Agents management summary
    Image 7 of 34
    Navigating the Wazuh dashboard: Endpoint Groups
    Previous image
    Next image
    Navigating the Wazuh dashboard: Endpoint Groups
    Image 8 of 34
    Navigating the Wazuh dashboard: Server management
    Previous image
    Next image
    Navigating the Wazuh dashboard: Server management
    Image 9 of 34
    Navigating the Wazuh dashboard: Rules
    Previous image
    Next image
    Navigating the Wazuh dashboard: Rules
    Image 10 of 34
    Navigating the Wazuh dashboard: Decoders
    Previous image
    Next image
    Navigating the Wazuh dashboard: Decoders
    Image 11 of 34
    Navigating the Wazuh dashboard: CDB lists
    Previous image
    Next image
    Navigating the Wazuh dashboard: CDB lists
    Image 12 of 34
    Navigating the Wazuh dashboard: Status
    Previous image
    Next image
    Navigating the Wazuh dashboard: Status
    Image 13 of 34
    Navigating the Wazuh dashboard: Cluster
    Previous image
    Next image
    Navigating the Wazuh dashboard: Cluster
    Image 14 of 34
    Navigating the Wazuh dashboard: Statistics
    Previous image
    Next image
    Navigating the Wazuh dashboard: Statistics
    Image 15 of 34
    Navigating the Wazuh dashboard: Logs
    Previous image
    Next image
    Navigating the Wazuh dashboard: Logs
    Image 16 of 34
    Navigating the Wazuh dashboard: Settings
    Previous image
    Next image
    Navigating the Wazuh dashboard: Settings
    Image 17 of 34
    Navigating the Wazuh dashboard: Dev tools
    Previous image
    Next image
    Navigating the Wazuh dashboard: Dev tools
    Image 18 of 34
    Navigating the Wazuh dashboard: Ruleset Test
    Previous image
    Next image
    Navigating the Wazuh dashboard: Ruleset Test
    Image 19 of 34
    Navigating the Wazuh dashboard: Security: Users
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security: Users
    Image 20 of 34
    Navigating the Wazuh dashboard: Security: Roles
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security: Roles
    Image 21 of 34
    Navigating the Wazuh dashboard: Security: Policies
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security: Policies
    Image 22 of 34
    Navigating the Wazuh dashboard: Security: Roles mapping
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security: Roles mapping
    Image 23 of 34
    Navigating the Wazuh dashboard: Index management
    Previous image
    Next image
    Navigating the Wazuh dashboard: Index management
    Image 24 of 34
    Navigating the Wazuh dashboard: Index and snapshot management
    Previous image
    Next image
    Navigating the Wazuh dashboard: Index and snapshot management
    Image 25 of 34
    Navigating the Wazuh dashboard: Security
    Previous image
    Next image
    Navigating the Wazuh dashboard: Security
    Image 26 of 34
    Navigating the Wazuh dashboard: Sample data
    Previous image
    Next image
    Navigating the Wazuh dashboard: Sample data
    Image 27 of 34
    Navigating the Wazuh dashboard: Dev tools
    Previous image
    Next image
    Navigating the Wazuh dashboard: Dev tools
    Image 28 of 34
    Navigating the Wazuh dashboard: Dashboards management
    Previous image
    Next image
    Navigating the Wazuh dashboard: Dashboards management
    Image 29 of 34
    Navigating the Wazuh dashboard: Reporting
    Previous image
    Next image
    Navigating the Wazuh dashboard: Reporting
    Image 30 of 34
    Navigating the Wazuh dashboard: API connections
    Previous image
    Next image
    Navigating the Wazuh dashboard: API connections
    Image 31 of 34
    Navigating the Wazuh dashboard: App settings - Configuration
    Previous image
    Next image
    Navigating the Wazuh dashboard: App settings - Configuration
    Image 32 of 34
    Navigating the Wazuh dashboard: App settings - Miscellaneous
    Previous image
    Next image
    Navigating the Wazuh dashboard: App settings - Miscellaneous
    Image 33 of 34
    Navigating the Wazuh dashboard: About
    Previous image
    Navigating the Wazuh dashboard: About
    Image 34 of 34