Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity.
The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monitoring and malware detection, while simultaneously evaluating configurations and software versions against established security benchmarks and threat databases.
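As an added illustration (not taken from the original text or from the Wazuh project's own documentation), the following ossec.conf fragment shows how the file integrity monitoring and active response capabilities described above are wired together on an agent: the watched paths, the 600-second block window and the use of rule id 5763 (Wazuh's built-in SSH brute-force rule) are assumptions made for this example.

```xml
<ossec_config>
  <!-- File integrity monitoring: hash and watch sensitive paths.
       realtime uses inotify; whodata additionally records which user
       and process made the change (assumed paths for this example). -->
  <syscheck>
    <frequency>43200</frequency>
    <directories check_all="yes" realtime="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" whodata="yes">/var/www/html</directories>
    <ignore>/etc/mtab</ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>

  <!-- Active response command: the firewall-drop script shipped with the
       agent adds a temporary firewall rule for the offending source IP.
       timeout_allowed lets the block be reverted automatically. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Trigger: when rule 5763 (SSH brute force, assumed here) fires,
       run the command on the agent that produced the alert and undo
       the block after 600 seconds so a spoofed source cannot cause a
       permanent lockout. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5763</rules_id>
    <timeout>600</timeout>
  </active-response>
</ossec_config>
```

Each execution of the command is itself logged by the agent, so the resulting active-response events can be reviewed centrally to confirm that automated blocks are hitting the intended hosts and nothing else.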
Beyond core detection, the platform supports comprehensive regulatory compliance auditing and user access management. It monitors both traditional endpoints and ephemeral cloud or containerized environments, providing a unified interface for security teams to identify patterns, enforce policies, and automate incident response actions.