SIEM Module for Energy Logserver
What does Wazuh do?
Wazuh is a comprehensive SIEM tool that addresses the need for continuous monitoring of, and response to, advanced threats affecting the IT environment.
Wazuh provides additional security information in such areas as infrastructure monitoring, threat detection, intrusion attempts, detected anomalies, misconfigured applications and unauthorized user actions.
It is based on a central server and agent architecture: agents collect data from the hosts and send it to the central server (Wazuh manager) via an encrypted channel. There, the data is analyzed and matched against the security schemes.
The Wazuh application gives you access to a rich database of predefined correlation rules and visualizations, which allow you to start working immediately after installation.
Wazuh ensures compliance with many important regulations and safety standards. Extensive functionality, scalability and support for multiple platforms allow the organization to meet technical requirements for compliance with the required standards. The system provides ready-made reports and visualizations for such regulations as: PCI DSS, GDPR, CIS, GPG13.
Wazuh allows you to monitor the cloud environment at the API level, using integration modules that collect security data from clouds provided by Amazon AWS, Microsoft Azure, or Google Cloud. Wazuh provides a set of rules to assess the configuration of the cloud environment and catch potential security holes.
The application monitors selected files, supervising changes in content, permissions, properties and file attributes. Every change to a file's data or metadata is detected by the Wazuh system and reported.
Wazuh correlates data from the monitored environment with constantly updated CVE (Common Vulnerabilities and Exposures) databases to identify potential vulnerabilities and exploits in the system. An automated resilience assessment allows you to find weaknesses in resources and helps you take appropriate corrective actions.
Wazuh monitors application and system settings in order to confirm their compliance with the accepted rules and safety standards. Agents perform scans on a scheduled basis to detect software that may be potentially susceptible, out of date, or misconfigured.
Integration of Energy Logserver with Wazuh
Based on the official partnership of Wazuh Inc. and EMCA Software Sp. z o.o., we have carried out the integration, under which the Wazuh application is available from the Energy Logserver GUI. Thanks to this cooperation, we can offer our clients an extremely universal and effective SIEM platform tailored to the needs of each organization.
As standard, EMCA provides a support service for the deployed Wazuh environment as part of the Energy Logserver support, but we also encourage you to purchase additional support provided by the Wazuh Inc. team, which gives you, among others:
- Unlimited access to dedicated specialists;
- Rapid reporting and removal of identified bugs;
- Regular health-check service at least twice a year.
EMCA also provides services for implementing and maintaining Wazuh solutions on Elastic Stack, ELK Stack and Splunk environments.