Wazuh is the enclave’s security monitoring — intrusion detection, file-integrity checks, and event correlation. Its server lives in the Basement (Zone 0); its forwarders run on nodes across the enclave, including the Outpost’s local telemetry, feeding events back to a single place.

It is one of the four tools in the observability stack, with Grafana, Loki, and Matomo. Where its forwarders sit and what they watch is a Systems matter (watch).

| Component | Role | Host | Version |
| --- | --- | --- | --- |
| Wazuh server | security monitoring, intrusion detection | Basement (Z0) | latest stable |
| Wazuh forwarders | telemetry agents | enclave-wide | latest stable |

Has anything touched?
