Wazuh
Wazuh is an open-source security platform built on OSSEC, providing a range of features for monitoring, threat detection, and compliance management.
- can be integrated with other security tools like the Elastic Stack
- is highly scalable and suitable for on-premises, cloud, or hybrid deployments
- functions as a SIEM, an IDS, and a SOAR solution all in one
Features
- log analysis
- file integrity monitoring
- vulnerability detection
- intrusion detection
- configuration assessment
- incident response
Alert Levels
Wazuh uses a scale from 0 to 16 for its alert levels, with 0 being the least severe and 16 being the most severe. The alert levels are typically categorized as follows:
- Informational (0-3): These alerts indicate routine events or general information about the system or application and usually do not require immediate action.
- Low severity (4-7): These alerts indicate minor security issues, non-critical system events, or policy violations that should be investigated but may not require immediate action.
- Medium severity (8-11): These alerts indicate more significant security issues, potential breaches, or critical system events that should be addressed promptly.
- High severity (12-15): These alerts indicate severe security issues, active breaches, or critical system failures that require immediate attention and action.
- Emergency (16): These alerts represent the most severe and urgent security events, indicating an active or imminent threat to the system or infrastructure.
Alert levels can be customized based on an organization’s specific requirements, allowing administrators to fine-tune the priority and response to different types of security events.
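The bucketing above is easy to put to work on the manager's own output. The following is an added example, not code from the Wazuh project or this note: it reads newline-delimited alerts in the shape of Wazuh's alerts.json (one JSON object per line with rule.level, rule.id, rule.description and agent.name), maps each rule level to the severity label used above, counts alerts per bucket, and collects those at or above the High threshold (12) for immediate follow-up. Malformed lines and out-of-range levels are skipped rather than aborting, since a truncated last line is common in a live log file. The sample alerts, rule ids, agent names and descriptions are constructed for this example.

```python
"""Triage Wazuh-style alerts into the severity buckets described above (added example)."""
import json

# Severity buckets exactly as laid out in the note: (lowest level, highest level, label)
SEVERITY_BUCKETS = [
    (0, 3, "Informational"),
    (4, 7, "Low"),
    (8, 11, "Medium"),
    (12, 15, "High"),
    (16, 16, "Emergency"),
]


def severity_for_level(level):
    """Map a Wazuh rule level on the 0-16 scale to its severity label."""
    for low, high, label in SEVERITY_BUCKETS:
        if low <= level <= high:
            return label
    raise ValueError(f"rule level {level} is outside Wazuh's 0-16 scale")


# Constructed sample in the shape of Wazuh's alerts.json (one JSON object per line).
# Rule ids (custom 1000xx range), agent names and descriptions are made up for this example;
# the last two lines are deliberately broken to exercise the skip logic.
SAMPLE_ALERTS_JSON = """\
{"timestamp":"2024-01-01T10:00:00.000+0000","rule":{"level":3,"id":"100001","description":"Login session opened"},"agent":{"name":"web-01"}}
{"timestamp":"2024-01-01T10:00:05.000+0000","rule":{"level":5,"id":"100002","description":"Login attempt with non-existent user"},"agent":{"name":"web-01"}}
{"timestamp":"2024-01-01T10:00:07.000+0000","rule":{"level":10,"id":"100003","description":"Repeated failed logins from one source"},"agent":{"name":"web-01"}}
{"timestamp":"2024-01-01T10:01:00.000+0000","rule":{"level":12,"id":"100004","description":"Integrity checksum changed on monitored file"},"agent":{"name":"db-01"}}
{"timestamp":"2024-01-01T10:02:00.000+0000","rule":{"level":16,"id":"100005","description":"Custom rule: suspected ransomware activity"},"agent":{"name":"db-01"}}
{"timestamp":"2024-01-01T10:03:00.000+0000","rule":{"level":99,"id":"100006","description":"Bogus level outside the scale"},"agent":{"name":"db-01"}}
this line is not JSON at all
"""


def parse_alert_lines(text):
    """Parse newline-delimited alert JSON; return (alerts, skipped_count).

    A line is skipped when it is not valid JSON, lacks rule.level, or carries a
    level outside 0-16, so one bad record never stops the whole run.
    """
    alerts, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
            level = int(alert["rule"]["level"])
        except (ValueError, KeyError, TypeError):
            skipped += 1
            continue
        if not 0 <= level <= 16:
            skipped += 1
            continue
        alerts.append(alert)
    return alerts, skipped


def triage(alerts, escalate_at=12):
    """Count alerts per severity bucket and collect those at or above escalate_at.

    escalate_at defaults to 12, the bottom of the High bucket above, which the note
    describes as requiring immediate attention; lower it to 8 to include Medium.
    """
    counts = {label: 0 for _, _, label in SEVERITY_BUCKETS}
    escalated = []
    for alert in alerts:
        level = int(alert["rule"]["level"])
        label = severity_for_level(level)
        counts[label] += 1
        if level >= escalate_at:
            escalated.append({
                "timestamp": alert.get("timestamp"),
                "agent": alert.get("agent", {}).get("name"),
                "rule_id": alert["rule"].get("id"),
                "level": level,
                "severity": label,
                "description": alert["rule"].get("description"),
            })
    return counts, escalated


if __name__ == "__main__":
    parsed, skipped = parse_alert_lines(SAMPLE_ALERTS_JSON)
    counts, escalated = triage(parsed)
    print(f"parsed {len(parsed)} alerts, skipped {skipped} malformed/out-of-range lines")
    for label, n in counts.items():
        print(f"  {label:<13} {n}")
    print("escalate now:")
    for e in escalated:
        print(f"  [{e['severity']} {e['level']}] {e['agent']} rule {e['rule_id']}: {e['description']}")
```

On a real manager the input would be read from the alerts.json file rather than the embedded sample; the parsing and bucketing stay the same. If an organisation has customised its rule levels as the note allows, only SEVERITY_BUCKETS and the escalate_at threshold need to change.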