Wazuh
Open source security platform.
Provides unified XDR and SIEM protection for endpoints and cloud workloads.
Components
| Component | Type | Description |
|---|---|---|
| Indexer | Central | Full-text search and analytics engine. Indexes and stores alerts generated by the server. |
| Server | Central | Analyzes the data received from the agents. Can be set up as a cluster. Manages the agents. |
| Dashboard | Central | Web UI for data visualization and analysis. Used to configure and monitor Wazuh. |
| Agent | Endpoint | Installed on monitored endpoints (e.g. laptops, servers, cloud instances, virtual machines). Used for threat prevention, detection, and response. |
Wazuh can also monitor agent-less devices (e.g. firewalls, switches, routers) via Syslog, SSH, or APIs.
Indexer
Stores data as JSON documents.
Indexes are collections of documents related to each other.
The stored documents are distributed across multiple shards.
Shards are in turn distributed across multiple nodes for redundancy.
Different indices store different event types.
| Index | Content | Notes |
|---|---|---|
| wazuh-alerts | Alerts generated by the server | Created each time an event trips a rule with a high enough priority. |
| wazuh-archives | Events received by the server | Created whether or not events trip a rule. |
| wazuh-monitoring | Data related to the agents' status over time | Used by the web interface to show when individual agents are or have been active, disconnected, or never connected. |
| wazuh-statistics | Data related to the server's performance | Used by the web interface to show performance statistics. |
One can interact with the indexer cluster using its REST API.
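As an added example (not part of these notes or of the Wazuh project), the snippet below queries the `wazuh-alerts-*` indices through the indexer's `_search` endpoint for recent alerts at or above a given rule level and summarizes the hits per agent. It assumes the indexer listens on `https://localhost:9200` with HTTP basic auth and that alerts carry the usual `timestamp`, `rule.level` and `agent.name` fields; the sample response at the bottom is constructed so the summary step runs offline.

```python
import base64
import json
import ssl
import urllib.request
from collections import Counter

INDEXER_URL = "https://localhost:9200"  # assumption: default indexer address and port
INDEX_PATTERN = "wazuh-alerts-*"        # the daily alert indices share this prefix


def build_alert_query(min_level: int, since: str = "now-24h", size: int = 100) -> dict:
    """Query body for alerts whose rule level is >= min_level, newest first."""
    return {
        "size": size,
        "sort": [{"timestamp": {"order": "desc"}}],
        "query": {"bool": {"filter": [
            {"range": {"rule.level": {"gte": min_level}}},
            {"range": {"timestamp": {"gte": since}}},
        ]}},
        "_source": ["timestamp", "rule.level", "rule.description", "agent.name"],
    }


def search_alerts(body: dict, user: str, password: str, cafile=None) -> dict:
    """POST the body to <indexer>/<pattern>/_search with basic auth; return the decoded reply."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{INDEXER_URL}/{INDEX_PATTERN}/_search",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Authorization": f"Basic {token}"},
        method="POST",
    )
    # Keep certificate verification on; pass the indexer's CA file for a self-signed lab cert.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


def alerts_per_agent(response: dict) -> dict:
    """Count the hits of a _search reply per agent name."""
    hits = response.get("hits", {}).get("hits", [])
    return dict(Counter(h["_source"]["agent"]["name"] for h in hits))


# Constructed sample reply, shaped like a real _search response, so the summary runs offline.
SAMPLE_RESPONSE = {"hits": {"hits": [
    {"_source": {"timestamp": "2024-01-01T00:00:01Z", "rule": {"level": 12}, "agent": {"name": "web01"}}},
    {"_source": {"timestamp": "2024-01-01T00:00:02Z", "rule": {"level": 10}, "agent": {"name": "web01"}}},
    {"_source": {"timestamp": "2024-01-01T00:00:03Z", "rule": {"level": 15}, "agent": {"name": "db01"}}},
]}}
```

Against a live indexer, `alerts_per_agent(search_alerts(build_alert_query(12), "admin", "PASSWORD"))` returns the per-agent counts of alerts at level 12 or higher from the last 24 hours.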
Server
TODO
Dashboard
TODO
Agent
TODO
