Posts

Collecting System Inventory with Wazuh Syscollector

A clear, practical guide for viewing inventory, exporting reports, and querying via Dev Tools

Table of Contents
- Introduction – Why system inventory matters
- How Syscollector Works
- Verification of Syscollector on Agents
- Explore Inventory in the Dashboard
- Practical Example: Detecting Changes
- Conclusion

1. Introduction – Why system inventory matters

An accurate system inventory is one of the most fundamental components of cybersecurity. Without visibility into what hardware, software, and processes are present in an environment, it is nearly impossible to detect anomalies or respond effectively to threats.

The Syscollector module of Wazuh provides this visibility by automatically collecting:
- Hardware information
- Operating system details
- Installed software
- Running p...
Recent posts

DEPLOYING A WAZUH LAB

Deploying a Wazuh Lab: Building the Environment and Adding Agents

This tutorial walks through the process of setting up a small Wazuh lab on a single host. Using virtual machines gives you a self‑contained environment for experimentation while keeping your main operating system untouched. The lab is structured with one Wazuh server running Ubuntu 22.04 LTS and several agents representing different endpoint operating systems.

1. Preparing the virtual environment

Before installing Wazuh, you need an environment that mirrors a small network. I used Oracle VM VirtualBox to create four virtual machines: one acts as the Wazuh server and the other three act as agents. The machines are connected via a bridged network so they can communicate as if they were on the same LAN. Figure 1 shows the virtual environment: three Ubuntu machines and one Kali machine, with the server running Ubuntu 22.04 LTS and the agents running Ubuntu 18.04 LTS, Ubuntu...