Currently choosing a database for cold events

[WiFi]

Colleagues, good afternoon!
I would like to clarify which databases Wazuh can work with, besides OpenSearch??
I plan to divide events into hot and cold ones. I'm currently choosing a database for cold events.
What would you recommend besides OpenSearch?

[Facundo Dalmau]

Hi. 

Just to clarify, OpenSearch is not a database, it is a search, analytics, and data management platform. In our documentation, we list several options to integrate Wazuh with (Integrations guide: Elastic, OpenSearch, Splunk, Amazon Security Lake) that may be helpful for your use case.

[WiFi]

Thanks for the reply.
Sorry for the stupid question, but how do I figure out what kind of database I have?
I got Wazuh from a previous employee and I'm trying to figure out the architecture.

среда, 26 марта 2025 г. в 16:00:14 UTC+3, Facundo Dalmau:

[Facundo Dalmau]

Hi. This link may be of aid https://documentation.wazuh.com/current/getting-started/architecture.html. The Wazuh central components are 3:

- Wazuh server: analyzes data received from the agents and is also used to manage these. It internally contains an SQLite database (/var/ossec/queue/db/global.db) to store information related to the agents' information and is the one in charge of triggering alerts for the Wazuh Indexer.

- Wazuh Indexer: indexes and stores alerts generated by the Wazuh server.

- Wazuh Dashboard: the web user interface for data visualization and analysis and also used to manage Wazuh configuration and to monitor its status.