1.0 ADBox subsystem HARC-001

The diagram below depicts the context of the ADBox subsystem.

ADBox context diagram

Parent links: MRS-002 Command & Control, MRS-004 Multivariate Anomaly Detection, MRS-032 Host and Network Ingestion, MRS-033 API Data Retrieval, MRS-039 Offline AD, MRS-041 Standalone AD Subsystem

2.0 ADBox architecture HARC-002

The diagram below depicts the high-level architecture of the ADBox subsystem.

ADBox high-level architecture

Parent links: MRS-004 Multivariate Anomaly Detection, MRS-031 Multiple ML Techniques, MRS-032 Host and Network Ingestion, MRS-033 API Data Retrieval, MRS-039 Offline AD, MRS-041 Standalone AD Subsystem

3.0 IDPS-ESCAPE context HARC-003

The diagram below illustrates the overall context of the IDPS-ESCAPE system.

IDPS-ESCAPE context diagram

Parent links: MRS-002 Command & Control, MRS-003 Agent Data Centralization, MRS-004 Multivariate Anomaly Detection, MRS-005 Host-based Intrusion Detection, MRS-006 NIDS Support, MRS-007 Intrusion Prevention, MRS-008 Network Capture Forwarding, MRS-011 Signature-based Host IDS, MRS-012 XDR & SIEM Integration, MRS-013 Visual Dashboard, MRS-017 Monitoring Frontend, MRS-018 Data Management Subsystem, MRS-019 3rd-Party Open-source Signature-based NIDS, MRS-020 Platform Independence, MRS-022 Network Endpoint Monitoring, MRS-032 Host and Network Ingestion, MRS-033 API Data Retrieval, MRS-037 Multiple Deployment Models, MRS-039 Offline AD, MRS-040 Signature-Based NIDS, MRS-041 Standalone AD Subsystem

4.0 RADAR architecture HARC-004

The diagram below depicts the high-level architecture of the RADAR subsystem.

RADAR high-level architecture

Parent links: MRS-007 Intrusion Prevention, MRS-012 XDR & SIEM Integration

5.0 RADAR Automated Test Framework architecture HARC-005

The diagram below depicts the high-level architecture of the RADAR Automated Test Framework.

RATF high-level architecture

Parent links: MRS-007 Intrusion Prevention

6.0 RADAR deployment: Remote Agent and Remote Manager mode HARC-006

The diagram below illustrates the RADAR build-time and run-time architecture for a deployment in which both the Wazuh Manager and the Wazuh agents are hosted on remote endpoints.

RADAR architecture in Remote Agent and Remote Manager mode

Parent links: MRS-007 Intrusion Prevention

7.0 RADAR deployment: Remote Agent and Local Manager mode HARC-007

The diagram below illustrates the RADAR build-time and run-time architecture for a deployment in which the Wazuh Manager is hosted locally, while the Wazuh agent runs on a remote endpoint.

RADAR architecture in Remote Agent and Local Manager mode

Parent links: MRS-007 Intrusion Prevention

8.0 RADAR deployment: Local Agent and Local Manager mode HARC-008

The diagram below illustrates the RADAR build-time and run-time architecture for a deployment in which both the Wazuh Manager and the Wazuh agent are hosted locally using Docker containers.

RADAR architecture in Local Agent and Local Manager mode

Parent links: MRS-007 Intrusion Prevention