Skip to main content


Maturity Levels

PRODUCTIONThe solution is developed, tested and integrated in the production package.
REFACTORINGThe solution was integrated in production, but now suffers changes.
UNDER_DEVELOPMENTThe solution development is started and in progress.
DEV_ONLYThe solution is only for development/testing purposes only, not accessible for regular users.

Solutions Categories

WEB_IDSWeb Intrusion Detection System
NETWORK_IDPSNetwork Detection and Prevention System
WEB_ENCRYPTIONEncryption for Web Applications
HOST_IPSHost Intrusion Prevention System
NONENo Security

Test Types

TypeVerified AspectAutomatic VerificationsExample
REQUIREMENTThe system is compatible.On solution installation, all tests needs to pass.The operating system is Ubuntu.
PRESENCEThe solution is installed on the machine.On solution installation, all needs to fail. In all other operations, all needs to pass.Suricata's executable is present.
OPERATIONALThe solution is running (with or without achieving its security purposes).Suricata's process is running.
SECURITYThe solution achieves its security-related goals.The firewall detects artificial malicious traffic.
INTEGRATIONThe solution integrates with other components of the infrastructure.The threat hunting agent communicate with its manager.

Information Properties

PropertyDescriptionAnother Required PropertiesExample
CONFIGURATIONInformation required to make a solution operableQuarantine folder for an antivirus
METRICRead-only information that is exposed by the solution, describing its functioningREAD_ONLYNumber of blocked malware by an antivirus
MANDATORYRequired to be set during the whole functioning of the solutionCONFIGURATIONEmail where an XDR sends its critical alerts
OPTIONALOptional to setCONFIGURATIONAdditional threat hunting sources for an IDS
WITH_DEFAULT_VALUEWith a default (recommended) value. If it is not specified in the local configuration file of the solution, this value is used.CONFIGURATIONDefault 443 port for an HTTPS web server
NON_DEDUCTIBLEWith a value that is not deductible from querying the host. The only way MutableSecurity finds its value is by inspecting the local configuration file of the solution.CONFIGURATION, MANDATORYPort on which a web server that needs to be protected listens
AUTO_GENERATED_BEFORE_INSTALLWith a value auto-generated before installationCONFIGURATION, READ_ONLYA random password, generated after installing Wazuh
AUTO_GENERATED_AFTER_INSTALLWith a value auto-generated after installationCONFIGURATION, READ_ONLYA random password, generated after installing Wazuh
READ_ONLYThe value could not be written, only read.Any metric
WRITABLEThe value could be written and read.A server on which an agent reports

Log Formats

TEXTSingle-line plaintext

.mutablesecurity Keys

KeyDescriptionPossible Values
developer_modeIndicates if the person using MutableSecurity is a developer.False for users (implicit) or True for developers
application_monitoringIndicates if the application monitoring is enabled.True if enabled (implicit), False otherwise