architecture/centralized_configuration/Readme.md
One of the key features of Wazuh as an EDR is Centralized Configuration, which allows deploying configurations, policies, rootcheck descriptions or any other file from the Wazuh Manager to any Wazuh Agent based on its group configuration. This feature has multiple actors: the Wazuh Cluster (Master and Worker nodes), with wazuh-manager-remoted as the main component responsible on the management side, and the Wazuh Agent, with wazuh-agentd as the component responsible on the client side.

The sequence diagram shows the basic flow of Centralized Configuration based on the configuration provided. There are three main stages:

1. wazuh-manager-remoted creates, every remoted.shared_reload (internal) seconds, the files that need to be synchronized with the agents.
2. wazuh-manager-clusterd continuously synchronizes files between the Wazuh Manager Master Node and the Wazuh Manager Worker Nodes.
3. wazuh-agentd (via ) sends, every notify_time (ossec.conf), its status, which includes the merged.mg hash. The Wazuh Manager Worker Node (wazuh-manager-remoted) checks whether the agent's merged.mg is out of date and, if it is, pushes the new merged.mg to the Wazuh Agent.
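
The out-of-date check in the third stage, modelled as an added example (this is not Wazuh's code). The digest algorithm, the way files are combined, and the keepalive fields `agent`, `group` and `merged_sum` are simplified assumptions; only the compare-and-push decision comes from the description above.

```python
import hashlib

def merged_digest(shared_files, algo="sha256"):
    """Digest of a group's shared files; stand-in for hashing merged.mg (assumed scheme)."""
    h = hashlib.new(algo)
    for name in sorted(shared_files):          # stable order, independent of dict order
        content = shared_files[name]
        # Length-prefix each entry so bytes cannot move between files unnoticed.
        h.update(f"{name}:{len(content)}\n".encode())
        h.update(content)
    return h.hexdigest()

def sync_decisions(group_files, keepalives, algo="sha256"):
    """Map each agent to 'current', 'push' or 'unknown-group' from its reported hash."""
    expected = {g: merged_digest(f, algo) for g, f in group_files.items()}
    decisions = {}
    for ka in keepalives:
        want = expected.get(ka["group"])
        if want is None:
            decisions[ka["agent"]] = "unknown-group"   # nothing to compare against
        elif ka.get("merged_sum") == want:
            decisions[ka["agent"]] = "current"
        else:
            decisions[ka["agent"]] = "push"            # missing or stale hash
    return decisions

# Constructed sample data: two groups as held by the manager.
GROUP_FILES = {
    "default": {"agent.conf": b"<agent_config/>\n"},
    "linux-web": {"agent.conf": b'<agent_config os="Linux"/>\n',
                  "custom_rootcheck.txt": b"# checks\n"},
}
OLD_WEB = {"agent.conf": b"<agent_config/>\n"}  # constructed earlier revision of linux-web

# Constructed keepalives as a worker node might receive them.
KEEPALIVES = [
    {"agent": "001", "group": "default", "merged_sum": merged_digest(GROUP_FILES["default"])},
    {"agent": "002", "group": "linux-web", "merged_sum": merged_digest(OLD_WEB)},
    {"agent": "003", "group": "linux-web", "merged_sum": None},   # freshly enrolled agent
    {"agent": "004", "group": "retired", "merged_sum": "0" * 64},
]

if __name__ == "__main__":
    for agent, decision in sync_decisions(GROUP_FILES, KEEPALIVES).items():
        print(agent, decision)
```

An agent that stays in the push state across several keepalives is worth investigating, since its local copy is not converging to what the manager distributes.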