Wazuh-DFN Documentation

Welcome to the Wazuh-DFN documentation!

Wazuh-DFN is a specialized daemon that integrates Wazuh with DFN-CERT services. It monitors Wazuh alert files and forwards relevant security events to the DFN SOC (Security Operations Center) for advanced analysis and threat detection. The service is built with asyncio for efficient, non-blocking I/O operations, resulting in high performance and scalability.

Contents

User Guide

• About
  • Features
  • How It Works
  • Technical Stack
• Installation
  • Prerequisites
  • About wazuh-dfn
  • Installation Methods
  • OS-Specific Installation
  • Configuration
  • Service Setup
  • Verifying Installation
  • Next Steps
• Configuration
  • Configuration File Formats
  • Configuration Sections
  • Environment Variables
  • Command-Line Arguments
  • Verifying Configuration
  • Best Practices
  • Next Steps
• Wazuh-DFN Usage Guide
  • Basic Usage
  • Command-Line Arguments
  • Asyncio Service Operation
  • Running as a Service
  • Environment Variables
  • Monitoring and Performance Tuning
  • Troubleshooting
  • Security Considerations
• Troubleshooting
  • Monitoring
  • Common Issues and Solutions
  • Performance Tuning
  • Diagnostic Procedures

Architecture

• Wazuh-DFN Architecture
  • Overview
  • Asynchronous Flow
  • Asyncio Task Management
  • Error Handling and Recovery
  • Configuration
  • Performance Considerations
  • Extension Points

Development

• Contributing to wazuh-dfn
  • Development Setup
  • Code Style
  • Testing
  • Pull Request Process
  • Development Workflow
  • Code Review Process
  • Release Process

Features

• Asynchronous Architecture: Built with Python’s asyncio for efficient I/O operations

• Robust Error Handling: Automatic reconnection, queue management, and error recovery

• High Performance: Processes large volumes of alerts with minimal overhead

• Secure Communication: TLS/SSL support for Kafka communication

• Extensible: Modular design with specialized handlers for different alert types

• Configurable: Flexible configuration options via YAML, TOML, environment variables, or CLI arguments

• Metrics & Logging: Comprehensive logging and performance metrics

Requirements

• Python 3.12 or later

• Wazuh manager instance

• DFN-CERT Kafka broker access

• TLS/SSL certificates for secure communication

Indices and tables

• Index

• Module Index

• Search Page