wazuh security monitoring

What is Wazuh ?

Wazuh is an open-source host-based intrusion detection system (HIDS) platform dedicated to threat detection, prevention, and response across various computing environments. These environments include on-premises, virtualized, containerized, and cloud-based systems. The solution comprises an endpoint security agent deployed to the systems under surveillance and a management server, which amasses data collected by these agents. Wazuh offers a wide array of features that make it a comprehensive cybersecurity solution. From File Integrity Monitoring (FIM) and Log Data Analysis to Anomaly and Malware Detection, Wazuh serves as a multi-purpose platform for securing a digital environment. It can also be customized to dispatch alerts to syslog, further enhancing its threat response capabilities.
Wazuh's alerts and messages can be integrated seamlessly with the ServicePilot web interface in real-time using syslog. This provides security administrators with a unified view of security events, simplifying the process of managing and responding to security threats. It also leverages other ServicePilot features such as advanced alerting, Machine Learning analytics, custom maps, dashboards, automated PDF reporting and more.

How to monitor Wazuh?

ServicePilot makes it easy to monitor Wazuh requiring minimal configuration on the target device. A resource of the security-wazuh package then needs to be added via the ServicePilot web interface.

ServicePilot automatically performs a pre-built search to count Wazuh Events by severity and includes a template dashboard in order to analyze data across Wazuh Syslogs messages sent to ServicePilot.

The built-in dashboard displays Wazuh events by types, top alert messages and signatures, as well as alert classifications over time.

Sending Wazuh events with Syslog messages to ServicePilot allows to get a web based console to view Wazuh events, with built-in custumizable dashboards, alerts, PDF reports, as well as other ServicePilot software features such as machine learning algorithms, tactical monitoring maps and custom searches.

How to install a wazuh resource?

1. Use your ServicePilot OnPremise installation or a SaaS account.
2. Add a new wazuh resource via the web interface (/prmviews or /prmresources) or via API (/prmpackages page), the default ServicePilot agent or another agent will be provisioned automatically.

Details of the wazuh package are located in the /prmpackages page of the software.

Benefits

ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.

By correlating the technology WAZUH with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.

This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.

Start with a free trial of our SaaS solution. Explore our plans or contact us to find what works best for you.