Getting Started with Wazuh - SIEM/XDR Platform Overview

This section provides introductory material about Wazuh 4.14: the system architecture, a breakdown of each component, and common deployment scenarios. It is intended for practitioners who are evaluating Wazuh for their infrastructure or beginning their first deployment.

What is Wazuh

Wazuh is an open-source security platform that combines SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) capabilities. It protects endpoints, servers, cloud workloads, and containerized environments through a single management interface.

Organizations of all sizes - from small businesses to large enterprises - rely on Wazuh for threat detection, integrity monitoring, vulnerability analysis, and regulatory compliance enforcement.

Section Contents

Wazuh Architecture

An overview of the platform architecture: agent-to-server communication, the role of Filebeat in data forwarding, indexing in OpenSearch, and visualization through the dashboard. Covers deployment models (all-in-one, single-node, distributed), protocols, ports, and comparisons with alternative SIEM solutions.

Wazuh Components

A detailed description of each component: Wazuh Agent (analysis modules, supported operating systems), Wazuh Server (analysis engine, rules, decoders, clustering), Wazuh Indexer (OpenSearch-based storage and indexing), and Wazuh Dashboard (visualization, reporting, management).

Use Cases

Practical security tasks addressed by Wazuh: malware detection, file integrity monitoring, threat hunting, vulnerability detection, configuration assessment, incident response, compliance, cloud security, and more.

Next Steps

After reviewing the architecture and components, proceed to Wazuh installation or explore the full platform capabilities in the documentation hub.