Wazuh

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities:

• Log management and analysis: Wazuh agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
• File integrity monitoring: Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on.
• Intrusion and anomaly detection: Agents scan the system looking for malware, rootkits or suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.
• Policy and compliance monitoring: Wazuh monitors configuration files to ensure they are compliant with your security policies, standards or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.

This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management.

It provides an updated log analysis ruleset and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.

It also includes a rich web application (fully integrated as a Kibana app), for mining log analysis alerts and for monitoring and managing your Wazuh infrastructure.

Changelog v3.8.0-r3803

Added

• Added option to allow maild select the log file to read from. (#977)
• New dedicated thread for AR command running on Windows agent. (#1725)
  • This will prevent the agent from delaying due to an AR execution.
• Get process inventory for Windows natively. (#1760)
• Add retries to download the OVAL files in vulnerability-detector. (#1832)
• Add options to detect changes attributes and file permissions for Windows. (#1918)
• New internal option to clean the residual files of the multigroups. (#1985)
• Add a manifest to run agent-auth.exe with elevated privileges. (#1998)
• New module “Agent Key Polling” to integrate agent key request to external data sources. (#2127)
  • Look for missing or old agent keys when Remoted detects an authorization failure.
  • Request agent keys by calling a defined executable or connecting to a local socket.
• Compress last-entry files to check differences by FIM. (#2034)
• Auto-upgrade FIM databases in Wazuh-DB. (#2147)
• Logcollector extension for Windows eventchannel logs in JSON format. (#2142)
• Add error messages to integration scripts. (#2143)
• Add CDB lists building on install. (#2167)
• Support for new AWS services in the AWS wodle (#2242):
  • AWS Config
  • AWS Trusted Advisor
  • AWS KMS
  • AWS Inspector
  • Add support for IAM roles authentication in EC2 instances.

More…

Download && Use

Portions Copyright (C) 2017 Wazuh, Inc.
Based on work Copyright (C) 2003 – 2013 Trend Micro, Inc.