Wazuh Cloud

Wazuh Cloud addresses the complex challenge of unified security monitoring and threat response across diverse environments, including on-premises, cloud, and containerized infrastructures. The platform employs a highly scalable, two-tier architecture that integrates Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) capabilities.

Technically, Wazuh Cloud hosts and manages all Wazuh components in a single integrated platform, streamlining installation, scaling, and updates. It collects, aggregates, stores, and analyzes log data from various cloud service providers such as AWS, Azure, GCP, and Office 365. This comprehensive log collection and integration help in identifying security risks, misconfigurations, and vulnerabilities in cloud infrastructures. The platform also includes modules for malware detection, security configuration assessments, and automated vulnerability management, which enhance its threat detection and response capabilities.

Operationally, Wazuh Cloud is designed for compliance with security standards like PCI DSS and SOC 2, ensuring that the platform is independently audited to meet these stringent regulations. The dashboard provides a flexible and intuitive web interface for visualizing monitored endpoints, with features like real-time monitoring of critical files and directories to detect unauthorized changes. However, the scalability of the platform can be limited by the number of active agents and data retention policies, which vary based on the subscription plan.

Specifically, the subscription plans dictate the number of active agents, indexed data retention, and archive data retention. For example, the small plan supports up to 100 agents with 1 month of indexed data retention, while the large plan supports up to 500 agents with 3 months of indexed data retention. These limitations are crucial to consider when planning and scaling the deployment of Wazuh Cloud.