What is Wazuh?
Wazuh is an open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The Wazuh solution consists of an endpoint security agent, deployed to the monitored systems, and a management server, which collects the data gathered by the agents.
Wazuh may be configured to send its alerts to syslog. Those messages can be forwarded by syslog to the ServicePilot web interface in real time for centralized analysis.
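The manager-side configuration that produces those syslog messages, as an added example (not ServicePilot's or Wazuh's own documentation): a `<syslog_output>` fragment for the Wazuh manager's `/var/ossec/etc/ossec.conf`. The collector address is a placeholder; port 514 and the level threshold are assumptions, not ServicePilot requirements.

```xml
<!-- Added example fragment for the Wazuh manager's ossec.conf.
     SERVICEPILOT_COLLECTOR_IP is a placeholder for the host running
     the ServicePilot syslog listener; port 514 is an assumption. -->
<ossec_config>
  <syslog_output>
    <server>SERVICEPILOT_COLLECTOR_IP</server>
    <port>514</port>
    <!-- Forward only alerts at this level or higher (Wazuh levels run 0-15).
         Too low a threshold floods the collector with noise; too high a
         threshold hides the medium-severity events a per-severity
         dashboard is meant to count. -->
    <level>3</level>
    <!-- Allowed formats: default (plain text), json, splunk, cef.
         json keeps rule id, alert level, agent and rule groups as
         discrete fields, which is what a severity/signature search needs. -->
    <format>json</format>
  </syslog_output>
</ossec_config>
```

The output is only active after running `/var/ossec/bin/wazuh-control enable client-syslog` and restarting the manager. Wazuh emits these messages as plain, unauthenticated UDP syslog, so the path to the collector should stay on a trusted management network.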
Wazuh Syslog monitoring
This package performs a pre-built search to count Wazuh events by severity and includes a template dashboard that automatically analyzes the Wazuh syslog messages sent to ServicePilot.
The built-in dashboard displays Wazuh events by type, the top alert messages and signatures, and alert classifications over time.
Sending Wazuh events to ServicePilot as syslog messages provides a web-based console for viewing Wazuh events, with built-in customizable dashboards, alerts and PDF reports, as well as other ServicePilot software features such as machine learning algorithms, tactical monitoring maps and custom searches.