Wazuh is an open-source security monitoring platform that combines SIEM capabilities with endpoint detection and response (EDR) features. It provides centralized log collection, file integrity monitoring, rootkit detection, vulnerability detection, and compliance monitoring across Windows, Linux, and macOS systems. Wazuh agents collect telemetry from endpoints and forward it to a central manager, where correlation rules and threat intelligence help identify suspicious activity in real time.
Designed for scalability, Wazuh integrates natively with the Elastic Stack and OpenSearch for indexing and visualization. This allows security teams to build dashboards, investigate alerts, and correlate events across infrastructure, cloud workloads, containers, and applications. Wazuh supports detection use cases such as brute-force attacks, privilege escalation attempts, unauthorized configuration changes, and malware indicators. With proper tuning, it becomes a powerful detection layer within a broader defense-in-depth strategy.