What "power" does a Wazuh server have over a client/agent?
I want to switch to a different log monitoring solution, and I am currently evaluating Wazuh, an OSSEC fork which seems to be a popular choice among the open-source community.
Reading the documentation, the following sentence caught my eye:
Once connected, the agent can be upgraded, monitored, and configured remotely from the Wazuh server.
I am trying to evaluate the impact of the Wazuh server (which would be hosted externally) being compromised.
If the server can "upgrade" and "configure" the agent, does that mean that an attacker gaining access to the Wazuh server can also gain access to all clients monitored by that server, or are there safeguards in place that ensure that (in the default configuration) commands from the Wazuh server can only perform "benign" or "safe" operations?
