Wazuh is an open-source platform designed for threat prevention, detection, and response across various environments, including on-premises, virtual, containerized, and cloud systems. Its architecture consists of endpoint security agents that monitor systems and a management server that collects and analyzes the data from these agents. The integration with the Elastic Stack enhances its capabilities with powerful search and visualization tools for security alerts. Key features include intrusion detection, where agents scan for malware and anomalies, and log data analysis, which processes operating system and application logs to identify potential security issues. Wazuh also monitors file integrity, tracking changes to files and identifying users or applications involved. Vulnerability detection is another critical function, as agents assess software against up-to-date vulnerability databases to pinpoint weaknesses. Configuration assessments ensure compliance with security policies, while the incident response mechanism offers automated countermeasures to mitigate threats. Wazuh's compliance features meet industry standards like PCI DSS, making it popular among payment processing and financial institutions. It also supports cloud security by monitoring APIs from major providers like AWS, Azure, and Google Cloud, as well as securing Docker containers through native integration. The platform’s web user interface facilitates data visualization and management, making it easier for users to navigate and respond to security events.