An open-source unified XDR and SIEM platform for threat prevention, detection, and response across endpoints and cloud workloads.
Wazuh is an open-source unified XDR and SIEM platform designed for threat prevention, detection, and response. It protects endpoints and cloud workloads by integrating agent-based monitoring with a central management server, providing capabilities like intrusion detection, log analysis, and vulnerability assessment. The platform helps organizations secure diverse environments, from on-premises systems to containerized and cloud-based infrastructure.
Intended for security teams, DevOps engineers, and IT administrators responsible for securing hybrid or multi-cloud environments, ensuring regulatory compliance, and managing threat detection across endpoints and workloads.
Developers choose Wazuh for its comprehensive, open-source approach to security that unifies XDR and SIEM functionalities without licensing costs. Its scalability, multi-platform support, and deep integrations with tools like Elastic Stack and cloud providers offer a flexible alternative to proprietary solutions.
Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
Combines XDR and SIEM functionalities, including intrusion detection, log analysis, and vulnerability assessment, as outlined in its comprehensive capabilities list.
Protects on-premises, virtualized, containerized, and cloud workloads with specific integrations for AWS, Azure, and Google Cloud, detailed in the cloud security section.
Free under GPLv2 license with active community support, allowing for customization and avoiding vendor lock-in, evidenced by the GitHub repository and community channels.
Provides built-in tools for meeting PCI DSS, GDPR, and other regulations, with dashboards and reports in the web user interface.
Offers orchestration via Docker, Kubernetes, Ansible, and more, simplifying deployment in various environments, as listed in the orchestration section.
Requires setting up and maintaining a central server, agents, and Elastic Stack integration, making it operationally intensive compared to turnkey solutions.
For advanced data visualization and search, it relies on Elastic Stack, adding complexity and potential licensing costs if using Elastic's commercial features.
Agent-based monitoring can consume significant CPU and memory on monitored systems, which might impact performance in resource-constrained environments.
Mastering Wazuh's configuration, rules, and integrations requires substantial security and system administration expertise, as implied by the detailed documentation and setup guides.