Wazuh is an open-source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads. It offers:

1. Endpoint Security: Configuration assessment, malware detection, and file integrity monitoring.
2. Threat Hunting: Log data analysis and vulnerability detection.
3. Security Operations: Incident response and regulatory compliance.
4. Cloud Security: Container security, posture management, and workload protection.

The platform integrates historically separate functions into a single agent and platform architecture, covering public clouds, private clouds, and on-premise data centers. Wazuh includes real-time correlation and context for analysts, with active response capabilities for on-device remediation.

As a SIEM solution, Wazuh provides monitoring, detection, and alerting of security events and incidents. It is designed to be flexible, scalable, and free from vendor lock-in, with no license costs. The platform is supported by a large community and is widely used in enterprise environments.
FEATURES
SIMILAR TOOLS
Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication.
Shuffle is a platform for automating security workflows with confidence, offering templates, collaboration tools, and a large app library.
JIMI is a flow-based orchestration automation platform that combines low-code and no-code capabilities for multi-team collaboration across IT, security, and development operations.
SOARCA is an open-source SOAR platform that automates security incident response workflows using standardized CACAOv2 playbooks and multiple integration interfaces.
Shuffle Automation provides an open-source platform for security orchestration, automation, and response.
Automated Digital Forensics and Incident Response (DFIR) software for rapid incident response and intrusion investigations.
RedEye is a visual analytic tool that provides enhanced situational awareness and operational insights for both Red and Blue Team cybersecurity operations.
RedELK is a SIEM tool designed for red teams to monitor and receive alerts about blue team detection activities during penetration testing engagements.
IRIS-SOAR is a Python-based modular SOAR platform that automates security incident response workflows and integrates with DFIR-IRIS for enhanced digital forensics operations.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.