Added wazuh-syscheckd as a file integrity monitoring capability #1320
As mentioned in #1319, Wazuh is a fork of OSSEC and is being actively maintained. The Wazuh agent has capabilities to check file integrity by default. File integrity (and Registry integrity for Windows) capabilities are based on a daemon called wazuh-syscheckd. It runs when syscheck configuration is set up on the agents.
Therefore, it seems feasible to add Wazuh to the accepted logging products. Current capabilities satisfy test FINT-4350.
https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/
https://documentation.wazuh.com/current/pci-dss/log-analysis.html