Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform for threat detection, prevention, and response. It protects workloads in on-premises, virtual, container, and cloud environments.
The Wazuh system consists of an endpoint security agent installed on the monitored systems and a management server that collects and analyzes the data those agents send. It also integrates with the Elastic Stack, which provides search and data visualization so users can explore their security alerts.
Wazuh capabilities:
- Intrusion detection
- Log data analysis
- File integrity monitoring
- Vulnerability detection
- Configuration assessment
- Incident response
- Regulatory compliance
- Cloud security
- Container security
The platform is available on GitHub.