Wazuh Agent on Host OS

Problem/Justification

Requesting support for Wazuh Agent security monitoring software installed on the host OS.

Linux agent install instructions via apt: Deploying Wazuh agents on Linux endpoints - Wazuh agent

Impact

The Wazuh agent allows more robust security monitoring than forwarded syslog messages alone, and additionally allows compliance and vulnerability monitoring.

Unlikely to cause negative impact.

User Story

The Wazuh agent requires minimal (if any) user interaction following installation. The primary means of interaction would be through modifying the agent configuration file (typically at path /var/ossec/etc/ossec.conf). Full app support may include options to modify this configuration via the Apps UI, though this would not necessarily be required for MVP.

The Wazuh agent runs as a background service, and forwards messages to a separate Wazuh server on network port 1514, so limited access to the host network would be required.

Please raise an issue on the apps repo to request addition of an app.

Moving request there, thanks!

I was referred back here to request as a host OS feature.

You could try to deploy it via custom app with the compose file from their GitHub.

I’ll give that a try, but I don’t believe the Wazuh Docker deployment can monitor the host OS. I think it’s more intended to be an all-in-one agent/server container.