SIEM · Wazuh Fleet

2/4 instances online · 718/790 agents active · 126 alerts/min

4 Instances
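wazuh-eu-prod · eu-west-1 · Online · v4.9.2 · 95% · 271/284 agents · 46 alerts/min · 12s ago
wazuh-us-prod · us-east-1 · Online · v4.9.2 · 98% · 349/356 agents · 61 alerts/min · 8s ago
wazuh-apac · ap-southeast-1 · Degraded · v4.8.1 · 74% · 98/132 agents · 19 alerts/min · 3m ago
wazuh-staging · eu-west-1 · Offline · v4.9.2 · 0% · 0/18 agents · 0 alerts/min · 41m ago
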
wz-eu-prod · Online · Manager v4.9.2

wazuh-eu-prod

https://siem-eu.internal.corp:55000

Active agents: 271/284
Alerts / min: 46
Manager CPU: 38%
Uptime: 142d

Events / second

Agent status

Active: 6
Disconnected: 1
Never connected: 1

Alerts by severity (24h)

Critical: 18
High: 63
Medium: 6
Low: 208

Top triggered rules

#5402 · Successful sudo to ROOT executed · 208
#18152 · Multiple SSH authentication failures from same source · 41
#31151 · Web attack — SQL injection attempt · 22
#5710 · PowerShell execution with encoded command from Office process · 14
#5501 · New user created via useradd · 6
#60122 · Windows Defender detected a threat · 3

Instance health

Manager API: Online
Indexer cluster: Online
Manager nodes: 3
API port: 55000
Uptime: 142 days
Last sync: 12s ago

Recent alerts

Encoded PowerShell spawned by winword.exe · WKSTN-042 · 09:41:02
SMB lateral movement attempt blocked · SRV-DC01 · 09:51:30
New local admin account created · SRV-WEB02 · 10:02:14
Sudo to root — expected maintenance window · SRV-DB01 · 10:03:51
SQLi payload detected in query string · SRV-WEB02 · 10:07:22