QRadar to Wazuh Mapping :: Domus Digitalis

Overview

Guide for translating QRadar knowledge to Wazuh.

Content to be built from operational experience.

QRadar	Wazuh	Notes
Log Source	Agent / Syslog	Wazuh uses agents or agentless collection
DSM (Device Support Module)	Decoder	Parses raw logs into fields
QID / Event	Rule	Wazuh rules trigger on decoded events
Offense	Alert	Correlated/aggregated security events
AQL Query	Wazuh API / Elasticsearch	Query indexed data

QRadar

Wazuh

Notes

Log Source

Agent / Syslog

Wazuh uses agents or agentless collection

DSM (Device Support Module)

Decoder

Parses raw logs into fields

QID / Event

Rule

Wazuh rules trigger on decoded events

Offense

Alert

Correlated/aggregated security events

AQL Query

Wazuh API / Elasticsearch

Query indexed data