Wazuh
Wazuh is the enclave’s security monitoring — intrusion detection, file-integrity checks, and event correlation. Its server lives in the Basement (Zone 0); its forwarders run on nodes across the enclave, including the Outpost’s local telemetry, feeding events back to a single place.
It is one of the four tools in the observability stack, with Grafana, Loki, and Matomo. Where its forwarders sit and what they watch is a Systems matter (watch).

| Component | Role | Host | Version |
|---|---|---|---|
| Wazuh server | security monitoring, intrusion detection | Basement (Z0) | latest stable |
| Wazuh forwarders | telemetry agents | enclave-wide | latest stable |