Introduction

The Wazuh Dashboard Plugins provide comprehensive compliance monitoring capabilities that help organizations maintain adherence to various regulatory frameworks and security standards. The compliance module maps security events and rule violations to specific requirements across multiple frameworks.

Supported Compliance Frameworks

Wazuh supports monitoring and reporting for the following regulatory compliance frameworks:

PCI DSS

Payment Card Industry Data Security Standard - Protects cardholder data

GDPR

General Data Protection Regulation - European data privacy requirements

HIPAA

Health Insurance Portability and Accountability Act - Healthcare data protection

NIST 800-53

National Institute of Standards and Technology - Security controls catalog

TSC

Trust Services Criteria - SOC 2 compliance framework

How Compliance Monitoring Works

Wazuh maps security events and alerts to specific compliance requirements through rule fields:
  • rule.pci_dss - PCI DSS requirement identifiers
  • rule.gdpr - GDPR article references
  • rule.hipaa - HIPAA regulation sections
  • rule.nist_800_53 - NIST 800-53 control identifiers
  • rule.tsc - Trust Services Criteria references
When Wazuh detects a security event, it automatically tags the alert with relevant compliance requirements, enabling:
  • Real-time compliance status monitoring
  • Audit trail generation
  • Regulatory requirement mapping
  • Compliance gap identification

Compliance Data Structure

Compliance requirements are organized hierarchically in the codebase:
// Located in: plugins/main/common/compliance-requirements/

export const pciRequirementsFile = {
  '1.1.1': 'Formal process for approving network changes...',
  '2.2': 'Develop configuration standards...',
  // ... additional requirements
};
Reference: plugins/main/common/compliance-requirements/ directory
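
The following TypeScript is an added example, not code from the Wazuh plugins. It counts alerts tagged through rule.pci_dss per requirement and per top-level category against a catalog shaped like pciRequirementsFile, and lists catalog entries with no alerts and tags missing from the catalog. The alerts, the placeholder descriptions, the summarize helper, the array form of rule.pci_dss and the "first dotted segment" category rule are assumptions made for illustration.

```typescript
type Catalog = Record<string, string>;
interface Alert { id: string; rule: { pci_dss?: string[] } }
interface Summary {
  perRequirement: Record<string, number>; // alerts per requirement id
  perCategory: Record<string, number>;    // alerts per top-level category
  untriggered: string[];                  // catalog entries with no alerts
  unknown: string[];                      // tags missing from the catalog
}

// Catalog shaped like pciRequirementsFile; descriptions are constructed placeholders.
const catalog: Catalog = {
  '1.1.1': 'constructed description A',
  '2.2': 'constructed description B',
  '10.2.4': 'constructed description C',
  '10.2.5': 'constructed description D',
};

// Constructed alerts; assumes rule.pci_dss is an array of requirement ids.
const sampleAlerts: Alert[] = [
  { id: 'a1', rule: { pci_dss: ['10.2.4', '10.2.5'] } },
  { id: 'a2', rule: { pci_dss: ['10.2.4'] } },
  { id: 'a3', rule: { pci_dss: ['2.2', '2.2'] } }, // duplicate tag on one alert
  { id: 'a4', rule: {} },                          // no compliance tag
  { id: 'a5', rule: { pci_dss: ['11.4'] } },       // id not in the catalog
];

function summarize(alerts: Alert[], cat: Catalog): Summary {
  // Null-prototype maps so a tag such as "constructor" cannot hit built-in keys.
  const perRequirement: Record<string, number> = Object.create(null);
  const perCategory: Record<string, number> = Object.create(null);
  const unknown: string[] = [];
  const unique = (xs: string[]) => xs.filter((x, i) => xs.indexOf(x) === i);
  for (const doc of alerts) {
    const tags = unique(doc.rule.pci_dss ?? []); // one count per alert and requirement
    for (const tag of tags) {
      perRequirement[tag] = (perRequirement[tag] ?? 0) + 1;
      const known = Object.prototype.hasOwnProperty.call(cat, tag);
      if (!known && unknown.indexOf(tag) < 0) unknown.push(tag);
    }
    // Assumed: category = first dotted segment; an alert counts once per category.
    for (const c of unique(tags.map(t => t.split('.')[0]))) {
      perCategory[c] = (perCategory[c] ?? 0) + 1;
    }
  }
  const untriggered = Object.keys(cat).filter(id => !(id in perRequirement));
  return { perRequirement, perCategory, untriggered, unknown };
}

console.log(summarize(sampleAlerts, catalog));
```

A requirement in untriggered has produced no alerts in the sample; that alone does not show the control is met, only that no tagged rule fired for it.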

Compliance Dashboard Components

The compliance monitoring interface consists of:

Compliance Table

Interactive table component that displays:
  • Requirement categories and sub-requirements
  • Alert counts per requirement
  • Filtering and search capabilities
  • Detailed requirement descriptions
Source: plugins/main/public/components/overview/compliance-table/compliance-table.tsx

Requirements Panel

Left sidebar showing:
  • Top-level requirement categories
  • Alert counts per category
  • Selection state for filtering

Subrequirements Panel

Detailed view displaying:
  • Individual compliance requirements
  • Specific control descriptions
  • Direct links to related alerts

Using Compliance Dashboards

1. Navigate to Compliance Module

Select the desired compliance framework (PCI DSS, GDPR, HIPAA, NIST, or TSC) from the Wazuh Dashboard overview.

2. Review Requirements

Browse the requirements panel to see categorized compliance controls and their current alert counts.

3. Filter by Requirement

Click on any requirement category to filter alerts and view only events related to that specific control.

4. Analyze Events

Review the events table showing security alerts mapped to the selected compliance requirement.

5. Generate Reports

Use the search bar and date picker to refine results and export compliance reports.

Data Source Configuration

Each compliance framework has a dedicated data source implementation:
// Example: PCI DSS Data Source
const KEY_EXIST = 'rule.pci_dss';
Data sources are located in:
  • plugins/main/public/components/common/data-source/pattern/events/pci-dss/
  • plugins/main/public/components/common/data-source/pattern/events/gdpr/
  • plugins/main/public/components/common/data-source/pattern/events/hipaa/
  • plugins/main/public/components/common/data-source/pattern/events/nist-800-53/
  • plugins/main/public/components/common/data-source/pattern/events/tsc/

Compliance Visualization

Each framework includes pre-built dashboard visualizations:
  • Top requirements by alert count - Bar charts showing most triggered controls
  • Alert trends over time - Timeline visualizations
  • Requirement distribution - Pie charts of compliance coverage
  • Agent compliance status - Per-agent compliance metrics
Dashboard definitions: plugins/main/common/dashboards/dashboard-definitions/overview/[framework]/

Query and Filter System

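When a requirement is selected, the compliance table builds a phrase filter from the framework's rule field (key) and the requirement identifier (value):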
const getRegulatoryComplianceRequirementFilter = (key: string, value: string) => {
  return [{
    meta: {
      type: 'phrase',
      key: key,
      value: value,
      controlledBy: DATA_SOURCE_FILTER_CONTROLLED_REGULATORY_COMPLIANCE_REQUIREMENT,
    },
    query: {
      match: {
        [key]: {
          query: value,
          type: 'phrase',
        },
      },
    },
  }];
};
Reference: plugins/main/public/components/overview/compliance-table/compliance-table.tsx:168
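
Outside the dashboard, the same selection can be written as a plain OpenSearch query body, for example for a scripted audit export over a fixed period. This is an added example, not the plugin's code: buildAuditQuery, the timestamp field name, the role given to the exists clause and the sample values are assumptions.

```typescript
// Rule fields listed on this page, used here as an allow-list.
const COMPLIANCE_FIELDS = [
  'rule.pci_dss', 'rule.gdpr', 'rule.hipaa', 'rule.nist_800_53', 'rule.tsc',
];

interface AuditQuery {
  field: string;       // one of COMPLIANCE_FIELDS
  requirement: string; // requirement id, e.g. '10.2.4' (constructed sample)
  from: string;        // audit period start, ISO 8601
  to: string;          // audit period end, ISO 8601
}

// Hypothetical helper: returns an OpenSearch search body for one requirement
// over one audit period. The "timestamp" field name is an assumption.
function buildAuditQuery(q: AuditQuery) {
  // Reject fields outside the allow-list so callers cannot filter on arbitrary keys.
  if (COMPLIANCE_FIELDS.indexOf(q.field) < 0) {
    throw new Error(`unsupported compliance field: ${q.field}`);
  }
  if (q.requirement.trim() === '') throw new Error('empty requirement id');
  const start = Date.parse(q.from);
  const end = Date.parse(q.to);
  if (isNaN(start) || isNaN(end) || start > end) {
    throw new Error('invalid audit period');
  }
  return {
    query: {
      bool: {
        filter: [
          { exists: { field: q.field } },                 // only tagged alerts (assumed role of KEY_EXIST)
          { match_phrase: { [q.field]: q.requirement } }, // phrase match on the requirement
          { range: { timestamp: { gte: q.from, lte: q.to } } },
        ],
      },
    },
  };
}

console.log(JSON.stringify(buildAuditQuery({
  field: 'rule.pci_dss', requirement: '10.2.4',
  from: '2024-01-01T00:00:00Z', to: '2024-03-31T23:59:59Z',
}), null, 2));
```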

Best Practices

Review compliance dashboards daily to identify new violations and trends.
Use the date picker to analyze compliance over specific audit periods.
Focus on high-alert requirements that indicate potential compliance gaps.
Export filtered views to support regulatory audits and assessments.

Next Steps

Explore detailed documentation for each compliance framework: