Wazuh-DFN Documentation¶
Welcome to the Wazuh-DFN documentation!
Wazuh-DFN is a specialized daemon that integrates Wazuh with DFN-CERT services. It monitors Wazuh alert files and forwards relevant security events to the DFN SOC (Security Operations Center) for advanced analysis and threat detection. The service is built with asyncio for efficient, non-blocking I/O operations, resulting in high performance and scalability.
Contents¶
Architecture
Features¶
Asynchronous Architecture: Built with Python’s asyncio for efficient I/O operations
Robust Error Handling: Automatic reconnection, queue management, and error recovery
High Performance: Processes large volumes of alerts with minimal overhead
Secure Communication: TLS/SSL support for Kafka communication
Extensible: Modular design with specialized handlers for different alert types
Configurable: Flexible configuration options via YAML, TOML, environment variables, or CLI arguments
Metrics & Logging: Comprehensive logging and performance metrics
Requirements¶
Python 3.12 or later
Wazuh manager instance
DFN-CERT Kafka broker access
TLS/SSL certificates for secure communication