Wazuh was created in 2015 as a fork of OSSEC by Spanish security researchers who wanted to enhance the open-source HIDS (Host-based Intrusion Detection System) with modern features and better scalability. The project has grown into a security monitoring platform with SIEM and XDR capabilities. The name “Wazuh” is derived from an Arabic word meaning “guardian” or “protector.”
Wazuh’s roots trace back to OSSEC, created by Daniel Cid in 2004. OSSEC was one of the first open-source HIDS solutions, providing:
- Log analysis
- File integrity monitoring
- Rootkit detection
- Active response
By 2015, OSSEC development had slowed, and the community wanted:
- Better scalability
- Modern web interface
- Enhanced compliance features
- Cloud integration
In 2015, a team of Spanish security researchers forked OSSEC to create Wazuh:
Key Founders:
- Sergio Cordero (Co-founder, CTO)
- Jesus Rios (Co-founder)
- Other OSSEC contributors
Initial Goals:
- Improve OSSEC architecture
- Add Elasticsearch integration
- Create modern web interface
- Enhance scalability
Wazuh 1.0 was released in 2015 as an open-source project under GPL v2. The initial release featured:
- OSSEC-compatible agent
- Elasticsearch storage
- Kibana-based interface
- Enhanced scalability

| Year | Version | Milestone |
|------|---------|-----------|
| 2015 | 1.0 | First release as OSSEC fork |
| 2016 | 2.0 | Enhanced web interface, API |
| 2017 | 3.0 | Major architecture improvements |
| 2018 | 3.4 | Compliance modules (PCI DSS, GDPR) |
| 2019 | 3.8 | Cloud security monitoring |
| 2020 | 3.11 | Vulnerability detection |
| 2021 | 4.0 | Major release, new architecture |
| 2022 | 4.3 | Wazuh Indexer and Dashboard |
| 2023 | 4.5 | XDR capabilities |
| 2024 | 4.7 | Enhanced AI/ML features |
| 2025 | 4.9 | Cloud-native improvements |
| 2026 | 4.10.x | Current stable release |

Early versions were built on the OSSEC foundation:
- OSSEC Core: Compatible with OSSEC agents
- Elastic Stack: Log storage and visualization
- Kibana App: Custom dashboards
- API: RESTful API for automation
Major improvements introduced:
- Scalability: Support for large deployments
- Compliance: PCI DSS, GDPR, HIPAA modules
- Cloud Integration: AWS, Azure, GCP monitoring
- Vulnerability Detection: CVE scanning
- Active Response: Enhanced automation
Version 4.0 brought significant changes:
- New Architecture: Improved performance
- Wazuh Indexer: Fork of OpenSearch
- Wazuh Dashboard: Custom visualization
- XDR Features: Extended detection and response
- Cloud-Native: Kubernetes support
Wazuh Manager:
- Core security engine
- Rule processing
- Alert generation
- Active response
Wazuh Agent:
- Lightweight endpoint monitoring
- Log collection
- File integrity monitoring
- System inventory
Wazuh Indexer:
- Based on OpenSearch
- Security analytics
- Long-term storage
- Search capabilities
Wazuh Dashboard:
- Based on OpenSearch Dashboards
- Security visualizations
- Compliance reporting
- Incident management
In 2017, the Wazuh team founded Wazuh Inc. to:
- Provide commercial support
- Develop enterprise features
- Offer managed cloud services
- Build partner ecosystem
Headquarters:
- San Francisco, California (US)
- Madrid, Spain (EU)

| Round | Year | Amount | Investors |
|-------|------|--------|-----------|
| Seed | 2019 | Undisclosed | Private investors |
| Series A | 2021 | $20M | Insight Partners |
| Series B | 2023 | $45M | Existing investors |

- 2017: Founded with small team
- 2020: 50+ employees
- 2023: 200+ employees
- 2026: Global operations
Wazuh’s rule-based detection enabled extensive security monitoring:
- Default Rules: 2,000+ built-in rules
- Decoders: Log parsing for 500+ applications
- Community Rules: User-contributed detections
- Compliance Rules: PCI DSS, GDPR, HIPAA, NIST
Major platforms integrated with Wazuh:
- AWS: CloudTrail, GuardDuty, S3
- Azure: Activity Logs, Security Center
- GCP: Cloud Audit Logs
- Docker/Kubernetes: Container monitoring
- Third-Party: Slack, PagerDuty, ServiceNow
Wazuh gained widespread security adoption:
- GitHub Stars: 5,000+
- Downloads: Millions of installations
- Enterprise: Fortune 500 companies
- Government: Public sector deployments
Common Wazuh deployments:
- Intrusion Detection: HIDS deployment
- Log Management: Centralized logging
- Compliance: Regulatory reporting
- Cloud Security: Cloud workload protection
- Incident Response: Security operations
Wazuh maintains compatibility with OSSEC:
- Agent Compatibility: OSSEC agents work with Wazuh
- Rule Format: Compatible rule syntax
- Configuration: Similar configuration files
- Migration: Easy OSSEC to Wazuh migration
Wazuh has evolved beyond OSSEC:
- Modern Architecture: Better scalability
- Web Interface: Kibana/OpenSearch Dashboards
- Cloud Integration: Native cloud support
- Active Development: Regular releases
- GitHub Stars: 5,000+
- Contributors: 200+
- Downloads: Millions monthly
- Company: Well-funded, growing
- Community: Active global community
- Regular feature releases
- Active security patching
- Growing rule ecosystem
- Strong enterprise adoption
- AI/ML Enhancement: Intelligent threat detection
- Cloud-Native: Better Kubernetes support
- XDR: Extended detection capabilities
- Automation: Enhanced response automation
- Integration: More third-party tools