A-066 - Wazuh (SIEM)
Purpose
Provide centralized logging, monitoring and threat detection capabilities.
Asset Type
- Platform
Description
- SIEM platform for collecting and analyzing logs
- Supports intrusion detection, file integrity monitoring and alerting
- Intended to centralize security-relevant events across the lab
Criticality
- High
Sensitivity
- Sensitive
Exposure Level
- Internal
Trust Zone
- Hell
Dependencies
- Internal infrastructure (agents, network connectivity)
- Log sources (VPS, firewall, services)
Relationships
- Receives logs from infrastructure and platform assets
- Supports incident detection and response processes
Security Position (Architecture Context)
- Core visibility component
- Enables detection of malicious or abnormal activity
- Its absence reduces the lab's ability to identify compromise
Existing Protective Measures
- Planned secure deployment within internal network
- Restricted access to SIEM interface
Owner / Responsibility
- Security Role (Sec)
Notes
- Not yet deployed
- Critical for improving detection and response maturity