SIEM Module for Energy Logserver


What does Wazuh do?

Wazuh is a comprehensive SIEM tool that answers the need for continuous monitoring of, and response to, advanced threats affecting the IT environment.

Wazuh provides additional security information in such areas as infrastructure monitoring, threat detection, intrusion attempts, detected anomalies, misconfigured applications and unauthorized user actions.

It is based on a central server and agent architecture: agents collect data from the hosts and send it to the central server (the Wazuh manager) over an encrypted channel. There, the data is analyzed and matched against the security rules.

The Wazuh application gives you access to a rich database of predefined correlation rules and visualizations, which lets you start working immediately after installation.

Security Analytics
With the help of agents that provide the necessary monitoring and response capabilities, Wazuh collects, aggregates, indexes and analyzes security data, helping organizations detect intrusions, threats and behavioral anomalies.
Compliance

Wazuh ensures compliance with many important regulations and security standards. Extensive functionality, scalability and support for multiple platforms allow the organization to meet the technical requirements of the required standards. The system provides ready-made reports and visualizations for regulations and frameworks such as PCI DSS, GDPR, CIS and GPG13.

Incident Response
Wazuh provides predefined active responses for handling detected threats, for example blocking access to the system from an infected source when the defined criteria are met. It can also run remote commands and scripts for integrated solutions, identify IOCs, and support ongoing incident investigation and response.
Intrusion Detection
Wazuh agents scan monitored systems for malware, rootkits and suspicious anomalies. The system can detect hidden files, masked processes and unregistered network listeners, as well as inconsistencies in the responses to system calls.
Security Analytics
Wazuh reads logs from operating systems and applications and analyzes them against a rich rule database that helps capture system and application errors, misconfigurations, attempted and successful attacks, security policy violations, and a number of other security- and configuration-related problems in the IT environment.

Cloud security

Wazuh allows you to monitor the cloud environment at the API level, using integration modules that collect security data from clouds provided by Amazon AWS, Microsoft Azure or Google Cloud. Wazuh provides a set of rules for assessing the configuration of the cloud environment and catching potential security weaknesses.

File Integrity

The application monitors selected files, tracking changes in content, permissions, ownership and other file attributes. Every change to a file's data or metadata is detected by the Wazuh system and reported.
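The following configuration fragment is an added illustration, not taken from the Energy Logserver or Wazuh documentation, of how file integrity monitoring is switched on in the agent's ossec.conf: the `syscheck` block, its `directories` entry and the `check_all`, `realtime` and `report_changes` attributes are standard Wazuh options, while the monitored paths, the 12-hour scan interval and the ignored file are assumptions chosen for the example.

```xml
<ossec_config>
  <syscheck>
    <!-- enable file integrity monitoring and scan once at agent start-up -->
    <disabled>no</disabled>
    <scan_on_start>yes</scan_on_start>

    <!-- full scheduled scan every 12 hours (43200 s); assumed interval -->
    <frequency>43200</frequency>

    <!-- check_all: hash content plus size, permissions, owner, group and
         timestamps; realtime: report changes as they happen between
         scheduled scans; report_changes: include a diff of text-file
         content in the alert. Paths are assumptions for this example. -->
    <directories check_all="yes" realtime="yes" report_changes="yes">/etc,/usr/bin,/usr/sbin</directories>

    <!-- files that legitimately change all the time add noise; assumed example -->
    <ignore>/etc/mtab</ignore>

    <!-- alert when new files appear in monitored directories -->
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>
```

With this in place, a modified permission bit or a changed hash on any file under the listed directories produces a syscheck alert on the manager, which then appears in the Energy Logserver GUI like any other Wazuh event. Keep the monitored set focused on directories that should rarely change; monitoring busy paths such as log or spool directories produces a steady stream of low-value alerts.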

Vulnerability Detection

Wazuh correlates data from the monitored environment with constantly updated CVE (Common Vulnerabilities and Exposures) databases to identify potential vulnerabilities and exploits in the system. An automated vulnerability assessment helps you find weaknesses in your assets and take appropriate corrective action.

Configuration Assessment

Wazuh monitors application and system settings to confirm their compliance with accepted rules and security standards. Agents perform scheduled scans to detect software that may be vulnerable, out of date or misconfigured.


Integration of Energy Logserver with Wazuh

Based on the official partnership between Wazuh Inc. and EMCA Software Sp. z o.o., we have carried out an integration that makes the Wazuh application available from the Energy Logserver GUI. Thanks to this cooperation, we can offer our clients an extremely versatile and effective SIEM platform tailored to the needs of each organization.

As standard, EMCA provides a support service for the deployed Wazuh environment as part of the Energy Logserver support, but we also encourage you to purchase the additional support provided by the Wazuh Inc. team, which includes, among other things:

  • Unlimited access to dedicated specialists;
  • Rapid reporting and removal of identified bugs;
  • Regular health-check service at least twice a year.

EMCA also provides services for implementing and maintaining Wazuh solutions on Elastic Stack, ELK Stack and Splunk environments.