The Open Source Security Platform
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance. Wazuh provides host-based security visibility using lightweight multi-platform agents. Flexible, scalable, no vendor lock-in and no license cost. Trusted by thousands of users.
Wazuh is used to collect, aggregate, index and analyze security data, helping organizations detect intrusions, threats and behavioral anomalies. As cyber threats become more sophisticated, real-time monitoring and security analysis are needed for fast threat detection and remediation. That is why our lightweight agent provides the necessary monitoring and response capabilities, while our server component provides the security intelligence and performs data analysis.
Wazuh agents scan the monitored systems looking for malware, rootkits and suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses. In addition to agent capabilities, the server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.
Wazuh agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on. In addition, it natively identifies the users and applications used to create or modify files. File integrity monitoring capabilities can be used in combination with threat intelligence to identify threats or compromised hosts.
Wazuh agents pull software inventory data and send this information to the server, where it is correlated with continuously updated CVE (Common Vulnerabilities and Exposures) databases, in order to identify well-known vulnerable software. Automated vulnerability assessment helps you find the weak spots in your critical assets and take corrective action before attackers exploit them to sabotage your business or steal confidential data.
Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured. Additionally, configuration checks can be customized, tailoring them to properly align with your organization. Alerts include recommendations for better configuration, references and mapping with regulatory compliance.
Wazuh provides out-of-the-box active responses to perform various countermeasures to address active threats, such as blocking access to a system from the threat source when certain criteria are met. In addition, Wazuh can be used to remotely run commands or system queries, identifying indicators of compromise (IOCs) and helping perform other live forensics or incident response tasks.
Wazuh provides some of the necessary security controls to become compliant with industry standards and regulations. These features, combined with its scalability and multi-platform support, help organizations meet technical compliance requirements. Its web user interface provides reports and dashboards that can help with this and other regulations.
Wazuh helps monitor cloud infrastructure at an API level, using integration modules that are able to pull security data from well-known cloud providers, such as Amazon AWS, Azure or Google Cloud.
Become part of our Open Source community
Wazuh has one of the fastest growing open source security communities in the world. Here you can learn from other users, participate in discussions, talk to our developers and contribute to the project. In our Google group you can ask questions and participate in discussions, and share your questions and thoughts with the community. You can also explore our repositories on GitHub, or join our community channel on Slack to ask your questions; we will do our best to resolve them. Our documentation is at your disposal, so you can learn everything about our product and its capabilities.
Our repositories include the source code for the deployment of Wazuh components via Ansible, Puppet, Chef or Bosh, as well as integrations with Kibana, Splunk, Docker and Kubernetes. There you can contribute to our documentation, and you can also find the source code used to package our software.
Our team is here to help you
We supply a full range of services to help you achieve your IT security goals and meet your business needs. Customer satisfaction is our main priority. Wazuh's technical team consists of solution architects, engineers and developers ready to give the best service. Our experienced engineers provide quick responses to unlimited questions and issues relating to all components of the solution. Support includes help with deployment automation, solution configuration, bug fixes and upgrades. Additionally, the service includes periodic health checks. Our Premium package includes 24x7 support, faster response times, and more health checks per year.
Our team works closely with you to deploy and configure the solution, optimizing results for your particular use cases, while keeping in mind your long-term plans for growth. We carefully analyze the environment in order to design the most successful architecture for the solution deployment, configuration, and integrations with third-party tools. Configuration is key so that you only see the alerts you need to see and not those that you don't.
Our three-day remote instructional and hands-on course covers Wazuh architecture, integrations with Elastic Stack and Splunk, file integrity monitoring, log collection and analysis, vulnerability detection, compliance and policy enforcement. You will be well-prepared to deploy, configure and fine-tune the solution and to create your own custom rules and dashboards.
We offer professional hours for development or customization projects. This includes assistance with the solution deployment and tuning, creation of new rules and decoders for improved threat detection, regulatory compliance mapping and reports, creation of custom dashboards, integration with third-party tools, assistance with file integrity monitoring and development of new features. Additional services are also included in our annual support packages. Wazuh scales with your business needs.
You can deploy as many agents as needed, monitoring your cloud and on-premises environments. Our subscription model is based on indexed data, with different subscription tiers for all environment sizes, starting at GB. The service also includes 12 months of cold storage, health checks and professional support. If you want more information about our services or need premium support, use the following form to get in touch with us. Our team will contact you as soon as possible and provide personal assistance.
Searching for alerts using the Wazuh app for Kibana
The Wazuh app for Kibana offers a modern, useful web interface that allows you to find and view your alerts in a more user-friendly way. It provides powerful search tools for finding specific alerts about certain events in any given time frame. These examples use Kibana v7.
Interacting with the visualizations
The visualizations are located in many parts of the app. A filter is used to group numerous alerts into different categories to give them meaning, and then they are turned into tables, pie charts, metrics, and so on. Below are some of the things that you can do:
- Click on a pie chart section.
- Select a range on a bar chart.
- Select a line peak on the histogram.
Several visualizations require adding multiple filters, and the interface will ask you to apply the changes.
You can list alerts, open them to see more details, and click on the fields on the left side of the window to add columns for a quick value comparison between alerts. The filters that you apply between this panel and the Dashboard panel will remain untouched within the same section, making it easier to look for specific events. And, if you just need to list your alerts without entering a specific app section, you can always open the Discover page on the top navbar.
In the top right corner, you can find buttons to enable the Auto-refresh feature and change the time range. The Auto-refresh button reloads the tab periodically, every as many seconds as you specify, and brings in new data if new events have been generated by Wazuh and indexed by Elasticsearch. The time range picker helps you shorten or lengthen the period of time. This determines how many alerts the app will use to show your results and statistics.
Lucene syntax
As a default, you can type your search using the Lucene Query Syntax, which has been used in Kibana for a long time. You can simply type a text string to perform a simple text search, and it will look for matching criteria in your alerts. Using the key:value notation you can search for values in specific alert fields, such as agent. Keep in mind that agent. Instead, use the OR logical operator, which will search for alerts with one or both of those values. These are only some of the many examples that you can use with the Lucene syntax.
The latest versions of Kibana include a brand new experimental query syntax named Kuery, and the Elastic team keeps introducing new features. The syntax is similar to Lucene, and you can enable an autocomplete panel that will appear as soon as you start typing. To activate the experimental features, just click on the button on the right side of the search bar and click on the toggle. Whenever you start typing, the autocomplete will start helping you to find the search query that you want, providing you with suggestions for logical operators and more.
I hope this article has helped to improve your user experience with the Wazuh app for Kibana. We have a mailing list and a Slack channel that you can join. Also, you can go to the app repository to open new issues or open a pull request if you want to collaborate.
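As an added illustration (not code from the original post or from Wazuh), here is a small Python evaluator for the key:value, free-text, AND and OR subset of the Lucene syntax described above, run over constructed Wazuh-style alerts; the field names agent.name and rule.level are assumed to follow Wazuh's alert schema. It shows why ANDing two different values of the same field matches nothing, while OR returns alerts carrying either value.

```python
import re

# Constructed sample alerts (not real events). Nested keys mirror the
# agent.name / rule.level / rule.description fields of Wazuh alerts (assumed).
ALERTS = [
    {"agent": {"name": "web01"}, "rule": {"level": 10, "description": "sshd: brute force attempt"}},
    {"agent": {"name": "web02"}, "rule": {"level": 3, "description": "Login session opened"}},
    {"agent": {"name": "db01"}, "rule": {"level": 12, "description": "Integrity checksum changed"}},
]


def get_field(doc, dotted):
    """Resolve a dotted path such as agent.name inside a nested alert document."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc


def leaf_values(doc):
    """All leaf values of the alert as strings, used for free-text search."""
    if isinstance(doc, dict):
        return [v for child in doc.values() for v in leaf_values(child)]
    return [str(doc)]


def match_term(doc, term):
    """key:value matches that exact field value; a bare term is a free-text search."""
    if ":" in term:
        key, value = term.split(":", 1)
        actual = get_field(doc, key)
        return actual is not None and str(actual).lower() == value.lower()
    return any(term.lower() in v.lower() for v in leaf_values(doc))


def search(query):
    """Evaluate a tiny Lucene-like query and return the matching agent names.

    Simplification of the real grammar: terms must be joined by explicit
    AND / OR; AND groups are evaluated first and then joined by OR.
    No parentheses, wildcards, ranges or NOT.
    """
    or_groups = re.split(r"\s+OR\s+", query.strip())
    hits = []
    for doc in ALERTS:
        for group in or_groups:
            if all(match_term(doc, t) for t in re.split(r"\s+AND\s+", group)):
                hits.append(doc["agent"]["name"])
                break  # one satisfied OR branch is enough for this alert
    return hits
```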