ZIMK/wazuh-dfn

wazuh-dfn

The wazuh-dfn is a specialized daemon that integrates Wazuh with DFN-CERT services. It monitors Wazuh alert files and forwards relevant security events to the DFN SOC (Security Operations Center) for advanced analysis and threat detection. The service is built with asyncio for efficient, non-blocking I/O operations, resulting in high performance and scalability.

Documentation

The documentation for wazuh-dfn can be found at https://zimk.github.io/wazuh-dfn/. Please always take a look at the documentation for further details. This README just gives you a short overview.

Features

  • Asynchronous Architecture: Built with Python's asyncio for non-blocking I/O operations
  • High Performance: Efficiently processes large volumes of alerts with minimal overhead
  • Robust Error Handling: Features automatic reconnection, queue management, and error recovery
  • Secure Communication: TLS/SSL support for Kafka communication with certificate validation
  • Specialized Alert Handlers: Modular design with dedicated handlers for different alert types
  • Flexible Configuration: Supports YAML, TOML, environment variables, and CLI arguments
  • Comprehensive Monitoring: Detailed logging and performance metrics
  • Resource Management: Dynamic queue management to control memory usage
  • File Monitoring: Reliable alert file monitoring with rotation detection and partial alert handling

Installation

Requirements

Python 3.12 or later is required. The project uses modern Python features including asyncio for asynchronous operations.

Install using pip

You can install the latest stable release of wazuh-dfn from the Python Package Index using pip:

python3 -m pip install wazuh-dfn

Install from source

To install from source:

git clone https://github.com/ZIMK/wazuh-dfn.git
cd wazuh-dfn
python -m pip install --upgrade pip pdm
pdm install

Configuration

The wazuh-dfn service can be configured through various methods, in order of precedence:

  1. Command-line arguments
  2. Environment variables
  3. Configuration file (YAML or TOML)

Generate a sample configuration:

wazuh-dfn --generate-sample-config --output-format toml

For all available options:

wazuh-dfn --help-all

Support

If you found a problem with the software, please create an issue on GitHub.

Maintainer

This project is maintained by University of Trier - ZIMK.

Contributing

Your contributions are highly appreciated. Please create a pull request on GitHub. For bigger changes, please discuss it first in the issues.

For development setup instructions, see CONTRIBUTING.md.

License

This project is licensed under the GNU Affero General Public License v3.0 - see the LICENSE file for details.
