wazuh/wazuh

Features

• Operations and Incident Response - Provides an integrated security agent for endpoint detection, file integrity monitoring, and automated incident response.
• Security Information Management - Aggregates log data and endpoint telemetry to provide centralized visibility and threat detection.
• Cloud Security Monitoring - Monitors ephemeral cloud and containerized environments to detect misconfigurations and enforce security policies.
• Cloud Infrastructure Security - Maintains visibility into cloud workloads and container environments to detect threats and ensure secure configurations.
• Container Security - Maintains visibility into cloud and container environments to detect threats and enforce consistent security policies.
• Vulnerability Scanners - Identifies known security weaknesses and missing software updates across distributed systems to maintain infrastructure integrity.
• Centralized Logging Systems - Aggregates and normalizes heterogeneous logs from distributed infrastructure into a unified format for security analysis.
• Endpoint Monitoring Agents - Deploys lightweight agents to endpoints for continuous system activity monitoring and telemetry streaming.
• Event-Based Triggers - Triggers automated scripts on remote endpoints to neutralize security threats in real time.
• Audit and Compliance - Maps security events and system configurations against industry standards to verify regulatory compliance.
• Security and Compliance - The platform maps security events and system configurations against industry standards to generate reports and verify adherence to security policies.
• Infrastructure and System Hardening - Evaluates system settings against security benchmarks and scans for weaknesses to maintain a hardened infrastructure.
• Vulnerability Scanning - Scans systems and applications for known security weaknesses and missing updates to ensure a hardened infrastructure.
• Telemetry Correlation Engines - Evaluates incoming telemetry against predefined logic to identify complex attack patterns and policy violations.
• File System Monitors - A kernel-level or system-call-based observer tracks real-time modifications to critical files to detect unauthorized changes or malicious activity.
• Automated Incident Response Workflows - Executes automated actions like blocking network traffic or terminating malicious processes to neutralize active threats.
• Log Analysis - Parses and interprets log data from various sources to extract actionable security insights and identify suspicious patterns.
• Monitoring and Status - Unified XDR and SIEM protection for endpoints.
• Monitoring Systems - Unified XDR and SIEM protection platform.
• Security Lab Environments - Unified XDR and SIEM platform for threat detection and response.
• Continuous Security Monitoring - Platform for security monitoring and threat detection.
• Intrusion Detection Systems - Platform for threat prevention, detection, and response.
• Security And Privacy - Unified XDR and SIEM security platform.
• Security Configurations - The platform evaluates system settings against established security benchmarks to identify misconfigurations and ensure adherence to hardening standards.
• Threat Detection - The platform identifies malicious software by scanning files and observing system behavior to match against known threat signatures and patterns.
• Vulnerability Assessment Frameworks - Systematically scans software versions and configurations against threat databases to identify security weaknesses.
• User Access Management - The platform controls system access through role-based permissions and connects with external identity providers to centralize user authentication.

Star history