# wazuh/wazuh

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/wazuh-wazuh).**

14,779 stars · 2,163 forks · C · other

## Links

- GitHub: https://github.com/wazuh/wazuh
- Homepage: https://wazuh.com/
- awesome-repositories: https://awesome-repositories.com/repository/wazuh-wazuh.md

## Topics

`cloud-security` `compliance` `configuration-assessement` `container-security` `cybersecurity` `file-integrity-monitoring` `incident-response` `infosec` `log-analysis` `malware-detection` `pci-dss` `security` `security-audit` `security-automation` `security-hardening` `security-tools` `siem` `vulnerability-detection` `wazuh` `xdr`

## Description

Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity.

The platform distinguishes itself through its active response orchestration, which automates the execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monitoring and malware detection, while also evaluating configurations and software versions against established security benchmarks and threat databases.

Beyond core detection, the platform supports comprehensive regulatory compliance auditing and user access management. It monitors both traditional endpoints and ephemeral cloud or containerized environments, providing a unified interface for security teams to identify patterns, enforce policies, and automate incident response actions.

## Tags

### Security & Cryptography

- [Operations and Incident Response](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response.md) — Provides an integrated security agent for endpoint detection, file integrity monitoring, and automated incident response.
- [Security Information Management](https://awesome-repositories.com/f/security-cryptography/security/operations-and-incident-response/security-information-management.md) — Aggregates log data and endpoint telemetry to provide centralized visibility and threat detection.
- [Cloud Security Monitoring](https://awesome-repositories.com/f/security-cryptography/cloud-security-monitoring.md) — Monitors ephemeral cloud and containerized environments to detect misconfigurations and enforce security policies.
- [Container Security](https://awesome-repositories.com/f/security-cryptography/container-security.md) — Maintains visibility into cloud and container environments to detect threats and enforce consistent security policies. ([source](https://documentation.wazuh.com/))
- [Vulnerability Scanners](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/vulnerability-assessment-tools/vulnerability-scanners.md) — Identifies known security weaknesses and missing software updates across distributed systems to maintain infrastructure integrity.
- [Audit and Compliance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/audit-and-compliance.md) — Maps security events and system configurations against industry standards to verify regulatory compliance.
- [Security and Compliance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance.md) — The platform maps security events and system configurations against industry standards to generate reports and verify adherence to security policies. ([source](https://documentation.wazuh.com/))
- [Infrastructure and System Hardening](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening.md) — Evaluates system settings against security benchmarks and scans for weaknesses to maintain a hardened infrastructure.
- [Vulnerability Scanning](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning.md) — Scans systems and applications for known security weaknesses and missing updates to ensure a hardened infrastructure. ([source](https://documentation.wazuh.com/))
- [Security Configurations](https://awesome-repositories.com/f/security-cryptography/security-configurations.md) — The platform evaluates system settings against established security benchmarks to identify misconfigurations and ensure adherence to hardening standards. ([source](https://documentation.wazuh.com/current/index.html))
- [Threat Detection](https://awesome-repositories.com/f/security-cryptography/threat-detection.md) — The platform identifies malicious software by scanning files and observing system behavior to match against known threat signatures and patterns. ([source](https://documentation.wazuh.com/current/index.html))
- [Vulnerability Assessment Frameworks](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing-tools/reconnaissance-assessment-platforms/vulnerability-assessment-frameworks.md) — Systematically scans software versions and configurations against threat databases to identify security weaknesses.
- [User Access Management](https://awesome-repositories.com/f/security-cryptography/user-access-management.md) — The platform controls system access through role-based permissions and connects with external identity providers to centralize user authentication. ([source](https://documentation.wazuh.com/current/index.html))

### DevOps & Infrastructure

- [Cloud Infrastructure Security](https://awesome-repositories.com/f/devops-infrastructure/cloud-infrastructure-security.md) — Maintains visibility into cloud workloads and container environments to detect threats and ensure secure configurations.
- [Event-Based Triggers](https://awesome-repositories.com/f/devops-infrastructure/automation-orchestration/task-execution-frameworks/event-based-triggers.md) — Triggers automated scripts on remote endpoints to neutralize security threats in real time.

### System Administration & Monitoring

- [Centralized Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/centralized-logging-systems.md) — Aggregates and normalizes heterogeneous logs from distributed infrastructure into a unified format for security analysis.
- [Endpoint Monitoring Agents](https://awesome-repositories.com/f/system-administration-monitoring/telemetry-and-monitoring-agents/endpoint-monitoring-agents.md) — Deploys lightweight agents to endpoints for continuous system activity monitoring and telemetry streaming.
- [File System Monitors](https://awesome-repositories.com/f/system-administration-monitoring/file-system-monitors.md) — A kernel-level or system-call-based observer tracks real-time modifications to critical files to detect unauthorized changes or malicious activity. ([source](https://documentation.wazuh.com/current/index.html))
- [Automated Incident Response Workflows](https://awesome-repositories.com/f/system-administration-monitoring/incident-management/automated-incident-response-workflows.md) — Executes automated actions like blocking network traffic or terminating malicious processes to neutralize active threats. ([source](https://documentation.wazuh.com/current/index.html))
- [Log Analysis](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/log-analysis.md) — Parses and interprets log data from various sources to extract actionable security insights and identify suspicious patterns. ([source](https://documentation.wazuh.com/current/index.html))

### Software Engineering & Architecture

- [Telemetry Correlation Engines](https://awesome-repositories.com/f/software-engineering-architecture/telemetry-correlation-engines.md) — Evaluates incoming telemetry against predefined logic to identify complex attack patterns and policy violations.
