Wazuh is an open-source SIEM platform that provides unified protection for endpoints and cloud workloads. It is used for threat detection, prevention, response, and compliance.
Wazuh has three main components: the Wazuh indexer, the Wazuh server, and the Wazuh dashboard. The Wazuh indexer is a data storage and analysis engine that collects and processes alerts generated by the Wazuh server. The Wazuh server analyzes data received from the Wazuh agents installed on endpoints, network devices, cloud instances, or applications. The Wazuh dashboard is a web interface for data visualization and management. It includes dashboards for various security aspects, such as regulatory compliance, vulnerabilities, file integrity, configuration assessment, and cloud infrastructure events.