How to enable HIDS in wazuh

[s v yashwanth]

Hello Team, 

Could you please help me with how to enable HIDS in wazuh with a procedure. 

Thanks

Yashwanth S V

[Jose Luis Carreras Marin]

Hello Yashwanth, 

Could you be a little more specific about what you are looking for?

Wazuh is already a default HIDS system:

Host-based Intrusion Detection System (HIDS)
Wazuh agent runs at a host-level, combining anomaly and signature based technologies to detect intrusions or software misuse. It can also be used to monitor user activities, assess system configuration and detect vulnerabilities.

Do you mean how to install or configure Wazuh agents?

Greetings, Jose

[s v yashwanth]

Hello Jose,

We have already installed wazuh in our environment, but we need to know that, what specific features of HIDS are there in wazuh.
If available, please send me each configuration process

[Jose Luis Carreras Marin]

Hello Yashwanth

Here you can see a list of the Wazuh's intrusion detection capabilities:

https://documentation.wazuh.com/4.0/user-manual/capabilities/index.html

Each and every one of them can be configured directly through the configuration file of each agent (ossec.conf), or in a centralized way from the manager (agent.conf).

In the link of the previous documentation, you can see a section "configuration" in each of the capacities. If you are interested in knowing more about the centralized configuration mode, you can read about it here:

https://documentation.wazuh.com/4.0/user-manual/reference/centralized-configuration.html?highlight=centralized%20configuration

The configuration process is based on the preferences of each system and is highly customizable. If you wish, you can ask any question you may have about the process.

Greetings, Jose