Wazuh is an open-source security information and event management (SIEM) platform that incorporates XDR and compliance capabilities.
It offers intrusion detection, log data analysis, file integrity monitoring, threat intelligence integration, vulnerability detection and compliance reporting, all from a centralised console that can scale with an organisation’s infrastructure.
It comprises three main components: the Wazuh agent, which is installed on monitored endpoints; the Wazuh manager, which processes logs, applies rules and generates alerts; and the Wazuh dashboard, based on Kibana and OpenSearch, which allows logs to be visualised, threats to be hunted and responses to be coordinated.
It integrates with other tools such as the Elastic Stack, OpenSearch, Sysmon, Suricata, YARA, TheHive and Cortex for case management and response.
Benefits include thorough file integrity monitoring and real-time detection of reverse shells, while limitations include a steep learning curve and the need for significant tuning to avoid excessive false positives.
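The file integrity monitoring and the tuning burden mentioned above meet in the agent and manager configuration. The following is an added example written for this page, not configuration taken from the Wazuh project or its documentation: an agent-side `syscheck` block that watches sensitive paths in real time while excluding known-noisy files, and a manager-side local rule that raises severity only when authentication-critical files change. The watched paths, the ignore patterns, the 12-hour scan interval, the severity level 12 and the custom rule ID 100100 are assumptions chosen for illustration (IDs from 100000 upward are reserved for user rules); the rule chains on Wazuh's built-in rule 550, "Integrity checksum changed", which every FIM modification alert passes through.

```xml
<!-- Added example (not from the page or the Wazuh project): FIM scope and tuning on a Linux agent.
     Paths, interval, level and rule ID 100100 are assumptions; rule 550 is Wazuh's built-in
     "Integrity checksum changed" rule that FIM modification alerts are derived from. -->

<!-- 1. Agent side (ossec.conf): watch the directories that matter in real time, and keep
        files that change constantly out of scope so the manager is not flooded. -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>
    <!-- full scan interval in seconds (12 h); realtime="yes" below catches changes between scans -->
    <frequency>43200</frequency>
    <!-- report_changes="yes" includes a diff of text files in the alert, useful for triage -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/root/.ssh,/home</directories>
    <!-- tuning: files that are rewritten routinely and carry no integrity signal -->
    <ignore>/etc/mtab</ignore>
    <ignore>/etc/resolv.conf</ignore>
    <ignore type="sregex">.log$|.swp$</ignore>
  </syscheck>
</ossec_config>

<!-- 2. Manager side (/var/ossec/etc/rules/local_rules.xml): escalate only changes to
        authentication-critical files; all other FIM changes keep rule 550's default level. -->
<group name="syscheck,local,">
  <rule id="100100" level="12">
    <if_sid>550</if_sid>
    <field name="file">^/etc/passwd$|^/etc/shadow$|^/etc/sudoers$|^/etc/ssh/sshd_config$</field>
    <description>FIM: authentication-critical file modified: $(file)</description>
    <mitre>
      <id>T1556</id>
    </mitre>
  </rule>
</group>
```

After editing either file, restart the agent or manager (`systemctl restart wazuh-agent` / `wazuh-manager`) and confirm the rule loads with `/var/ossec/bin/wazuh-logtest` before relying on it; tightening the `<ignore>` list and the file pattern in the custom rule, rather than lowering levels globally, is what keeps the FIM signal usable as the number of monitored endpoints grows.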