Wazuh (XDR)
Wazuh is an open-source XDR platform providing endpoint security monitoring, file integrity monitoring, log analysis, and vulnerability detection.
Aithroyz deploys Wazuh 4.x with the indexer, manager, and dashboard all in one. When Elastic Stack is also deployed, Wazuh ships alerts to the wazuh-alerts-* index via Filebeat.
Access
URL: https://wazuh.<env-name>.ops.aithroyz.com
Credentials: admin + auto-generated password. Shown in Environments detail → Credentials.
Deploying a Wazuh agent
After logging into the Wazuh dashboard, go to Agents → Deploy new agent. Select the OS and follow the one-liner instructions. The agent automatically registers with the Wazuh manager at the internal IP.
For endpoint-vm deployments inside the same Aithroyz environment, Wazuh agent deployment is pre-configured automatically during provisioning.
Key capabilities in Aithroyz
Security events: Real-time log analysis and rule matching against MITRE ATT&CK
FIM: File integrity monitoring — detects changes to critical files and directories
Vulnerability detection: NVD-based vulnerability scanning with CVE cross-reference
SCA: Security configuration assessment — CIS benchmark checks
Threat intelligence: IOC matching against threat intel feeds
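
A triage pass over the kind of alert documents that land in wazuh-alerts-*, as an added example that is not part of the Aithroyz or Wazuh documentation. It counts ATT&CK technique IDs on higher-level alerts and lists FIM changes under critical paths. The sample alerts, rule IDs, agent names, and the CRITICAL_PREFIXES watch list are constructed for illustration; the field names (rule.level, rule.groups, rule.mitre.id, syscheck.path, syscheck.event, agent.name) follow the Wazuh alert JSON format.

```python
import json
from collections import Counter

# Constructed sample alerts (one JSON document per line), shaped like Wazuh alert records.
SAMPLE_ALERTS = "\n".join([
    '{"agent":{"name":"endpoint-vm-1"},"rule":{"id":"100001","level":10,"groups":["sshd"],"mitre":{"id":["T1110"]}}}',
    '{"agent":{"name":"endpoint-vm-1"},"rule":{"id":"100002","level":7,"groups":["syscheck"],"mitre":{"id":["T1565.001"]}},"syscheck":{"path":"/etc/passwd","event":"modified"}}',
    '{"agent":{"name":"endpoint-vm-2"},"rule":{"id":"100003","level":5,"groups":["syscheck"]},"syscheck":{"path":"/tmp/build.log","event":"added"}}',
    '{"agent":{"name":"endpoint-vm-2"},"rule":{"id":"100004","level":3,"groups":["pam"],"mitre":{"id":["T1078"]}}}',
    '{"truncated": ',  # malformed line, as seen when a log is cut mid-write
])

CRITICAL_PREFIXES = ("/etc/", "/usr/bin/", "/boot/")  # assumed watch list


def load_alerts(text):
    """Parse newline-delimited JSON, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        try:
            doc = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(doc, dict) and "rule" in doc:
            alerts.append(doc)
    return alerts


def mitre_counts(alerts, min_level=7):
    """Count ATT&CK technique IDs on alerts at or above min_level."""
    counts = Counter()
    for a in alerts:
        rule = a["rule"]
        if rule.get("level", 0) >= min_level:
            counts.update(rule.get("mitre", {}).get("id", []))
    return counts


def critical_fim_changes(alerts, prefixes=CRITICAL_PREFIXES):
    """Return (agent, event, path) for FIM alerts on paths under a critical prefix."""
    hits = []
    for a in alerts:
        sc = a.get("syscheck")
        if "syscheck" in a["rule"].get("groups", []) and sc:
            if sc.get("path", "").startswith(prefixes):
                hits.append((a.get("agent", {}).get("name"), sc.get("event"), sc["path"]))
    return hits


if __name__ == "__main__":
    alerts = load_alerts(SAMPLE_ALERTS)
    print(mitre_counts(alerts))
    print(critical_fim_changes(alerts))
```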