# Wazuh - Open Source XDR. Open Source SIEM.


Wazuh is an open-source security monitoring platform that combines **SIEM** (Security Information and Event Management) and **XDR** (Extended Detection and Response) capabilities in one product. It is designed to help organizations detect and respond to security threats across their entire IT infrastructure.

#### Key Features of Wazuh

1. **SIEM Capabilities**:
   * **Log Data Collection and Analysis**: Wazuh collects logs from various sources like operating systems, applications, and network devices. It analyzes these logs for potential security threats, suspicious activities, or operational issues.
   * **Real-time Alerts**: Wazuh generates real-time alerts based on log analysis and predefined rules to notify security teams of potential incidents.
   * **Correlation and Visualization**: It correlates log data across different systems and provides dashboards to visualize security incidents and trends.
2. **XDR Capabilities**:
   * **Threat Detection**: Wazuh ingests data from a range of security sources (endpoint security tools, firewalls, intrusion detection systems, etc.) to give comprehensive visibility into security events and behaviors across an organization.
   * **Response and Mitigation**: The platform offers automated response mechanisms (its active response feature), enabling teams to act quickly on detected threats (e.g., blocking suspicious IPs, isolating affected devices).
   * **Endpoint Monitoring**: Wazuh monitors and analyzes endpoints (servers, workstations, etc.) for security incidents through an agent, adding a layer of detection beyond what a traditional SIEM provides.
3. **Open Source**: Wazuh is free to use and can be customized, making it an attractive option for organizations looking to implement security monitoring without proprietary software costs.
4. **Integration with Other Tools**: It integrates with other security solutions such as Elasticsearch, Kibana, and TheHive to extend threat detection, analysis, and response workflows.
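As an added illustration of the log-analysis, rule-based alerting and response features listed above (example configuration written for this page, not taken from the Wazuh project's own documentation): a custom rule in the manager's `local_rules.xml` that fires when one source IP produces repeated sshd authentication failures, paired with an `ossec.conf` active-response block that blocks that IP on the reporting agent. Rule id `100100`, the frequency/timeframe values and the timeout are assumed values chosen for this example; `5716` is Wazuh's built-in "sshd: authentication failed" rule and `firewall-drop` is a response script shipped with the agent.

```xml
<!-- /var/ossec/etc/rules/local_rules.xml (manager): custom correlation rule.
     Rule id 100100 is an assumed value from the custom-rule range (100000+). -->
<group name="local,sshd,authentication_failures,">
  <!-- Raise a level-10 alert when the same source IP triggers built-in rule 5716
       (sshd: authentication failed) 6 times within 120 seconds. -->
  <rule id="100100" level="10" frequency="6" timeframe="120">
    <if_matched_sid>5716</if_matched_sid>
    <same_source_ip />
    <description>sshd: repeated authentication failures from $(srcip)</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>

<!-- /var/ossec/etc/ossec.conf (manager): active response bound to that rule. -->
<ossec_config>
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>   <!-- run on the agent that raised the alert -->
    <rules_id>100100</rules_id>
    <timeout>600</timeout>       <!-- lift the firewall block after 10 minutes -->
  </active-response>
</ossec_config>
```

Restart the manager after editing so the rule and response are loaded; the resulting alert is written to `/var/ossec/logs/alerts/alerts.json` with `rule.id` 100100, which is where you would verify the correlation before trusting the automated block.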
