Documentation

[Kenny]

Where to go to get detailed documentation on Architectural process flows. The documentaion? I want to understand what's going on under the hood not just the Wazuh guide on installing and using it. I'm tired of scratching at the surface when I run into little issues here and there. 

[Eric Franco Fahnle]

Hi Kenny,

As a general guide, yes, the documentation is quite vast and covers many flows. If you want to dig deeper than that, then we should talk about exactly what you're trying to understand to see if the docs are still a good fit or not. To give you an example, from this page of Architecture of the docs: https://documentation.wazuh.com/current/getting-started/architecture.html you can:

- Understand the different components

- Follow links to specific components, like agents and indexers

- See how internal services (analysis engine, filebeat, etc) interact with each other

- Understand the communication between agents and servers

- Understand the communication between servers and indexers

- Get a list of all required ports

That's just the start and a single page. I can recommend you that you give the documentation a good through read and then get deeper if you need to. I've sometimes found myself looking at the source code (here's the repo https://github.com/wazuh/wazuh) but most of the times it won't be necessary.

It's also a good idea to understand the different daemons contained in the master node: https://documentation.wazuh.com/current/user-manual/reference/daemons/index.html

And as the Wazuh indexer is a fork from OpenSearch, you can also get a good basic understanding of their solution, as sooner or later you'll need it: https://opensearch.org/

Hope this helps,

Eric