Compatibility
This section outlines the compatible versions of the key components used in this project.
Overview
Compatibility between components is a critical factor in building a stable and functional SIEM architecture. While most tools used in this project are highly flexible and loosely coupled, there are certain version constraints—particularly with OpenSearch and Graylog—that must be considered to ensure seamless integration.
Compatibility Notes
Below is a breakdown of the compatibility considerations for each major component:
- Wazuh
  The latest version of Wazuh can be used safely. This project primarily relies on the alerts.json file generated by the Wazuh Manager. As long as this file is available in standard JSON format, compatibility is ensured.
- Fluent Bit
  Fluent Bit functions as a lightweight log shipper. It reads logs from alerts.json and forwards them to other systems. Since Fluent Bit is only concerned with the log file format, any recent version is typically compatible.
- Graylog
  Graylog is used for log enrichment and pipeline processing. It remains compatible with most inputs from Fluent Bit and supports a wide range of OpenSearch/Elasticsearch backends. However, version compatibility with OpenSearch must be verified.
- OpenSearch
  This is the only component with strict version dependencies. Since Graylog communicates directly with OpenSearch, it’s essential to choose an OpenSearch version that is officially supported by the Graylog version you are using.
  ✅ Refer to the official Graylog Compatibility Matrix to ensure your selected versions of Graylog and OpenSearch are compatible.
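
Because the Wazuh and Fluent Bit notes above both hinge on alerts.json being well-formed, a pre-flight check of that file is useful before wiring up the rest of the pipeline. The following is an added example, not code from this project; it assumes the file holds one JSON object per line, and the sample lines, their field names and values are constructed for illustration.

```python
import json
import sys
from typing import Iterable, List, Tuple

Problem = Tuple[int, str]  # (line number, reason)


def check_alert_lines(lines: Iterable[str]) -> Tuple[int, List[Problem]]:
    """Count usable alert lines and list the ones a log shipper would choke on."""
    valid = 0
    problems: List[Problem] = []
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue  # blank lines carry no alert and are ignored
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            # Typical cause: a partially written or truncated line.
            problems.append((number, f"not valid JSON: {exc.msg} (column {exc.colno})"))
            continue
        if not isinstance(record, dict):
            problems.append((number, f"expected a JSON object, got {type(record).__name__}"))
            continue
        valid += 1
    return valid, problems


def check_alert_file(path: str) -> Tuple[int, List[Problem]]:
    """Run the same check over a file on disk (path supplied by the caller)."""
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        return check_alert_lines(handle)


# Constructed sample input: two good alerts, one blank line,
# one truncated line and one line that is JSON but not an object.
SAMPLE = [
    '{"timestamp": "2024-01-01T00:00:00Z", "rule": {"level": 5}, "agent": {"name": "host-a"}}',
    "",
    '{"timestamp": "2024-01-01T00:00:01Z", "rule": {"level": 3',
    '["not", "an", "object"]',
    '{"timestamp": "2024-01-01T00:00:02Z", "rule": {"level": 7}}',
]

if __name__ == "__main__":
    result = check_alert_file(sys.argv[1]) if len(sys.argv) > 1 else check_alert_lines(SAMPLE)
    print(f"{result[0]} valid alert line(s), {len(result[1])} problem line(s)")
    for number, reason in result[1]:
        print(f"  line {number}: {reason}")
    sys.exit(1 if result[1] else 0)
```

Run it with the path to alerts.json as the only argument; a non-zero exit status means at least one line would not parse downstream.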
Summary
| Component | Compatibility Notes |
|---|---|
| Wazuh | Latest version supported — as long as alerts.json exists in valid JSON format |
| Fluent Bit | Flexible — any recent version that supports file input and HTTP/Forward output |
| Graylog | Version must be checked against OpenSearch compatibility |
| OpenSearch | Must match Graylog's supported versions — see compatibility matrix |
Keeping these compatibility guidelines in mind will help you avoid integration issues during installation and runtime.