

Unified security platform for detection, response, and compliance
Wazuh delivers real‑time intrusion detection, log analysis, vulnerability scanning, and compliance reporting across on‑prem, cloud, and container environments with native Elastic Stack integration and automated response actions.

Wazuh is designed for security teams, IT operations, and compliance officers who need a single solution to monitor and protect diverse workloads. It combines lightweight agents that collect logs, file integrity data, and vulnerability information with a central manager that performs rule‑based analysis, correlates events, and visualizes alerts through the Elastic Stack.
The platform supports on‑premises servers, virtual machines, Docker containers, Kubernetes clusters, and major cloud providers such as AWS, Azure, and Google Cloud. Deployment can be automated using Ansible, Chef, Puppet, Salt, CloudFormation, or native Kubernetes manifests, allowing seamless scaling across hybrid environments. Built‑in active response capabilities enable automated remediation, while compliance modules generate audit‑ready reports for standards like PCI DSS, GDPR, and more.
PCI DSS compliance monitoring
Continuous file integrity checks and configuration assessments generate audit‑ready reports, simplifying PCI validation.
Container runtime threat detection
Agents monitor Docker hosts, alert on privileged containers, vulnerable images, and unauthorized volume changes.
Cloud infrastructure hardening
API integrations pull AWS/Azure security data, flag misconfigurations, and enforce remediation through automated responses.
Incident response automation
When a malicious process is detected, Wazuh triggers active responses to isolate the host and execute forensic commands.
Wazuh agents run on Linux, Windows, macOS, and major Unix variants, and can be deployed on physical servers, virtual machines, containers, and cloud instances.
While Wazuh can store alerts in its own database, full‑featured search, dashboards, and visualizations rely on integration with Elasticsearch and Kibana.
Agents collect software inventory, which the manager correlates with continuously updated CVE feeds to generate vulnerability alerts.
Yes, built‑in active response rules can block IPs, quarantine files, or run custom scripts when specific conditions are met.
Wazuh provides ready‑made modules for Ansible, Chef, Puppet, Salt, Kubernetes, and CloudFormation to simplify deployment and configuration.