🔥 <Endpoint Detection and Response Solution>🔥
Wazuh is a free, open-source, and extensive EDR solution that security engineers can deploy in environments of any scale.
Wazuh operates on a management and agent model where a dedicated manager device is responsible for managing agents installed on the devices you’d like to monitor.
As mentioned, Wazuh is an EDR; let’s briefly run through what an EDR is. Endpoint detection and response (EDR) tools and applications monitor devices for activity that could indicate a threat or security breach. Their features include:
- Auditing a device for common vulnerabilities
- Proactively monitoring a device for suspicious activity such as unauthorized logins, brute-force attacks, or privilege escalations.
- Visualizing complex data and events into neat and trendy graphs
- Recording a device’s normal operating behaviour to help with detecting anomalies
Wazuh unifies historically separate functions into a single agent and platform architecture. Protection is provided for public clouds, private clouds, and on-premise data centres.
A sample view of how Wazuh works is shown below.
