SIEM · Wazuh Fleet
2/4 instances online718/790 agents active · 126 alerts/min ·
4 Instances
Instances4
wazuh-eu-prod
eu-west-1
Onlinev4.9.2
271/28446/min12s ago
wazuh-us-prod
us-east-1
Onlinev4.9.2
349/35661/min8s ago
wazuh-apac
ap-southeast-1
Degradedv4.8.1
98/13219/min3m ago
wazuh-staging
eu-west-1
Offlinev4.9.2
0/180/min41m ago
wz-eu-prodOnlineManager v4.9.2
wazuh-eu-prod
https://siem-eu.internal.corp:55000
Range: auto-refresh 5s
271/284
Active agents
46
Alerts / min
38%
Manager CPU
142d
Uptime
Events / second
Agent status
Active6
Disconnected1
Never connected1
Alerts by severity (24h)
Critical18
High63
Medium6
Low208
Top triggered rules
#5402208
Successful sudo to ROOT executed
#1815241
Multiple SSH authentication failures from same source
#3115122
Web attack — SQL injection attempt
#571014
PowerShell execution with encoded command from Office process
#55016
New user created via useradd
#601223
Windows Defender detected a threat
Instance health
Manager APIOnline
Indexer clusterOnline
Manager nodes3
API port55000
Uptime142 days
Last sync12s ago
Recent alerts
Encoded PowerShell spawned by winword.exe
WKSTN-04209:41:02
SMB lateral movement attempt blocked
SRV-DC0109:51:30
New local admin account created
SRV-WEB0210:02:14
Sudo to root — expected maintenance window
SRV-DB0110:03:51
SQLi payload detected in query string
SRV-WEB0210:07:22
Quick Actions