Wazuh 4.14 Regulatory Compliance Support Overview
Wazuh 4.14 provides built-in support for five regulatory security standards (PCI DSS, GDPR, HIPAA, NIST 800-53 and TSC) through its rule mapping mechanism. Each detection rule in the Wazuh ruleset can be associated with specific standard requirements via tags in its <group> field; the manager's analysis engine writes each recognised tag into a per-standard field of the resulting alert, which enables automatic classification of security events by regulatory category and streamlined report generation for auditors.
Rule Mapping Mechanism
Compliance support in Wazuh is implemented through the rule group system. When a detection rule triggers, the manager associates the event with the applicable standard requirements from the tags in the rule's <group> field: a tag whose prefix belongs to a supported standard is stripped of that prefix and stored in the alert's matching field (rule.pci_dss, rule.gdpr, rule.hipaa, rule.nist_800_53 or rule.tsc), while any other tag remains an ordinary group in rule.groups.
Tag format and resulting alert field for each supported standard:
| Standard | Tag Format | Example | Alert field |
|---|---|---|---|
| PCI DSS | pci_dss_X.Y.Z | pci_dss_10.2.4 | rule.pci_dss |
| GDPR | gdpr_CHAPTER_Article.Paragraph[.Point] | gdpr_II_5.1.f | rule.gdpr |
| HIPAA | hipaa_XXX.XXX.X | hipaa_164.312.b | rule.hipaa |
| NIST 800-53 | nist_800_53_FAMILY.Control | nist_800_53_AU.12 | rule.nist_800_53 |
| TSC | tsc_CCX.Y (A, PI, C and P criteria use the same pattern) | tsc_CC6.1 | rule.tsc |
Rule Mapping Example
```xml
<rule id="5710" level="5">
  <if_sid>5700</if_sid>
  <match>illegal user|invalid user</match>
  <description>sshd: Attempt to login using a non-existent user</description>
  <group>pci_dss_10.2.4,pci_dss_10.2.5,gdpr_IV_35.7.d,hipaa_164.312.b,nist_800_53_AU.14,tsc_CC6.1,</group>
</rule>
```
A single rule can address requirements across all five standards at once (the tag list above is abridged; the shipped rule carries additional tags). Tags are comma separated, and the ruleset convention is to end the list with a trailing comma. When the rule fires, the alert carries each requirement in the field of its standard with the prefix stripped: rule.pci_dss holds ["10.2.4","10.2.5"], rule.gdpr ["IV_35.7.d"], rule.hipaa ["164.312.b"], rule.nist_800_53 ["AU.14"] and rule.tsc ["CC6.1"].
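As an added example (not Wazuh's own code), the Python script below reproduces this tag handling offline so a practitioner can audit a ruleset before an assessment: it parses a rules file, splits <group> tags into the per-standard lists that the alert fields carry, and answers two audit questions the mapping enables, which rules cover a given requirement and which required controls no rule maps to. The rules XML (an abridged rule 5710 plus a constructed local rule carrying a site-specific internal_policy_ prefix) and the list of required controls are constructed here and are assumptions; the five prefixes are the ones from the table above, and the example goes beyond the page by showing that a prefix outside those five stays a plain group.

```python
"""Extract compliance tags from Wazuh rule XML and report requirement coverage.

Added example, not part of Wazuh. It mirrors how the manager splits <group>
tags into per-standard alert fields (rule.pci_dss, rule.gdpr, ...) and then
answers two offline audit questions: which rules cover a requirement, and
which required controls have no rule at all.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Prefixes the ruleset uses for the five built-in standards. Any other tag
# (for example a site-specific internal_policy_ prefix) is an ordinary group.
STANDARD_PREFIXES = {
    "pci_dss_": "pci_dss",
    "gdpr_": "gdpr",
    "hipaa_": "hipaa",
    "nist_800_53_": "nist_800_53",
    "tsc_": "tsc",
}

# Constructed sample: an abridged rule 5710 plus a hypothetical local rule.
SAMPLE_RULES_XML = """\
<group name="syslog,sshd,">
  <rule id="5710" level="5">
    <if_sid>5700</if_sid>
    <match>illegal user|invalid user</match>
    <description>sshd: Attempt to login using a non-existent user</description>
    <group>pci_dss_10.2.4,pci_dss_10.2.5,gdpr_IV_35.7.d,hipaa_164.312.b,nist_800_53_AU.14,tsc_CC6.1,</group>
  </rule>
  <rule id="100001" level="5">
    <if_sid>5710</if_sid>
    <description>sshd: non-existent user login attempt - internal policy violation</description>
    <group>internal_policy_AC.1,pci_dss_10.2.4,</group>
  </rule>
</group>
"""


def split_tags(text):
    """Wazuh group lists are comma separated and conventionally end with a comma."""
    return [t.strip() for t in (text or "").split(",") if t.strip()]


def classify_tags(tags):
    """Split raw tags into per-standard requirement lists plus leftover groups,
    the same shape the alert's rule.* fields take (prefix stripped)."""
    compliance = defaultdict(list)
    groups = []
    for tag in tags:
        for prefix, field in STANDARD_PREFIXES.items():
            if tag.startswith(prefix):
                compliance[field].append(tag[len(prefix):])
                break
        else:
            groups.append(tag)
    return dict(compliance), groups


def load_rules(xml_text):
    """Parse a rules file into {rule_id: fields}. Real ruleset files may hold
    several top-level <group> elements, which is not well-formed XML, so the
    text is wrapped in a dummy root first. The file-level group name is
    inherited by every rule in it, exactly as it appears in rule.groups."""
    root = ET.fromstring("<root>" + xml_text + "</root>")
    rules = {}
    for grp in root.findall("group"):
        file_groups = split_tags(grp.get("name"))
        for rule in grp.findall("rule"):
            compliance, groups = classify_tags(split_tags(rule.findtext("group")))
            rules[rule.get("id")] = {
                "description": rule.findtext("description", ""),
                "groups": file_groups + groups,
                **compliance,
            }
    return rules


def coverage(rules, standard):
    """Requirement -> sorted rule IDs whose tags include that requirement."""
    cov = defaultdict(set)
    for rid, rule in rules.items():
        for req in rule.get(standard, []):
            cov[req].add(rid)
    return {req: sorted(ids) for req, ids in cov.items()}


def uncovered(rules, standard, required):
    """Requirements in `required` that no rule in the ruleset maps to."""
    return sorted(set(required) - set(coverage(rules, standard)))


if __name__ == "__main__":
    rules = load_rules(SAMPLE_RULES_XML)
    print(coverage(rules, "pci_dss"))
    # Hypothetical audit scope: requirements an assessor asked about.
    print("uncovered:", uncovered(rules, "pci_dss", ["10.2.4", "10.2.5", "10.2.7"]))
    # The custom prefix stays a plain group; it is not a compliance field.
    print(rules["100001"]["groups"])
```

To run it against a real ruleset, pass the contents of a file under /var/ossec/ruleset/rules/ or /var/ossec/etc/rules/local_rules.xml to load_rules; the dummy root wrapper is there because a rules file may contain more than one top-level <group>.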
Custom Compliance Standards
Beyond the built-in standards, organizations can define their own compliance identifiers by adding a custom tag to the <group> field of a rule. Custom rules belong in /var/ossec/etc/rules/local_rules.xml and use IDs in the 100000 to 120000 range, which the ruleset reserves for local rules:
```xml
<rule id="100001" level="5">
  <!-- Child of 5710: fires on every event that 5710 would have matched -->
  <if_sid>5710</if_sid>
  <description>sshd: non-existent user login attempt - internal policy violation</description>
  <!-- Parent tags are not inherited; restate every compliance tag the alert must carry -->
  <group>internal_policy_AC.1,pci_dss_10.2.4,</group>
</rule>
```
Two caveats apply. First, a child rule replaces its parent in the alert and does not inherit the parent's <group> tags, so the gdpr_, hipaa_, nist_800_53_ and tsc_ tags of rule 5710 are lost for these events unless they are repeated in the child. Second, only the five built-in prefixes are parsed into dedicated alert fields; a custom prefix such as internal_policy_ remains in rule.groups, where it can be searched and filtered, but it does not get a compliance module in the dashboard.
Wazuh Modules for Compliance
Different platform modules address different aspects of regulatory requirements:
| Module | Application |
|---|---|
| Log data collection | Event auditing, access logging, record retention |
| File integrity monitoring (FIM) | Change detection for critical files and configurations |
| Security configuration assessment (SCA) | CIS Benchmark and security policy verification |
| Vulnerability detection | Known CVE identification in installed software |
| Malware detection | Rootcheck, YARA scanning |
| Active response | Automated threat blocking |
| System inventory | Asset and software tracking |
Compliance Dashboard
The Wazuh Dashboard provides dedicated visualization modules for each supported standard. These modules enable:
- Filtering alerts by specific standard requirements
- Viewing real-time compliance statistics
- Generating reports for external audits
- Tracking trends across requirement categories
To access the compliance module, navigate to the Modules section of the dashboard and select the desired standard from the Regulatory compliance area.
Supported Standards
PCI DSS 4.0
Payment Card Industry Data Security Standard. Wazuh covers requirements for logging (Req. 10), change detection and integrity monitoring (Req. 11.5), vulnerability management (Req. 6.1), configuration standards (Req. 2.2), and malware protection (Req. 5). Note that the requirement numbers in the rule tags (pci_dss_10.2.4, for example) follow the v3.2.1 numbering; v4.0 restructured several requirements (invalid logical access attempts are 10.2.1.4 in v4.0), so map tags to the revision your assessor applies before handing over reports.
GDPR
General Data Protection Regulation of the European Union. Wazuh addresses the technical requirements of Articles 5, 25, 30, 32, 33, and 35 through integrity monitoring, access control, and breach detection.
HIPAA
Health Insurance Portability and Accountability Act. Wazuh supports administrative, physical, and technical safeguards for electronic protected health information (ePHI).
NIST 800-53
NIST Security and Privacy Controls catalog. Wazuh covers control families AC (Access Control), AU (Audit and Accountability), CM (Configuration Management), IA (Identification and Authentication), IR (Incident Response), SC (System and Communications Protection), and SI (System and Information Integrity).
TSC (SOC 2)
Trust Services Criteria for SOC 2 audits. Wazuh supports Security (CC), Availability (A), Processing Integrity (PI), Confidentiality (C), and Privacy (P) categories.