Wazuh agent installation on the Windows Operating System
Step-by-step tutorial on installing and configuring Wazuh Agent on the Windows Operating System

Introduction
Wazuh Agent is lightweight software that runs on endpoint devices (Windows or Linux machines). It collects logs from the endpoint and sends them over an authenticated channel to the Wazuh manager for analysis. The agent supports host-based intrusion detection by monitoring file integrity (FIM), logs, running processes, and system and user activity.
Prerequisites
- Internet access to download the Wazuh agent.
- A Wazuh manager that is up and running.
- Allow ports 1514/TCP, 1515/TCP, and 55000/TCP from the endpoint to the Wazuh manager.
Step 1: Download the Wazuh agent.
If your endpoint has internet access, you can go to the link below and download the Wazuh agent.
Link: https://packages.wazuh.com/4.x/windows/wazuh-agent-4.12.0-1.msi
Note: The link points to agent version 4.12, which may no longer be the latest; using the latest agent version is recommended. However, the agent version cannot be higher than the Wazuh manager version.
If your endpoint does not have internet access, download the installer on another machine and copy it to the endpoint you want to monitor.
Step 2: Installing the Wazuh agent.
Open CMD as an administrator and change to the directory where the installer is located.
Then run the command below, replacing the quoted WAZUH_MANAGER value with the IP address or hostname of your Wazuh manager.
    wazuh-agent-4.12.0-1.msi /q WAZUH_MANAGER="WAZUH_MANAGER"
Then start the Wazuh service by running the following command.
    NET START Wazuh
Step 3: Verifying the agent connection to the manager
When you log in to the Wazuh dashboard, you will see the new agent in the agent summary.
Optional: It is useful to group similar nodes; for example, create a Windows group and a Linux group.
Go to menu > Agents management > Groups > Add new group.
Now, go back to the endpoint list and click on the three dots on the right side of the agent. Then, click edit group and choose the group you want to use for that agent.
Congratulations, now you have the endpoint connected to the manager for monitoring.
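The prerequisites and Steps 1 and 2 above can be combined into one PowerShell script that also checks the installer's Authenticode signature before it is run with administrator rights. This is an added example, not part of the original tutorial or Wazuh's own tooling; the -ExpectedSigner default and the Wazuh* service-name pattern are assumptions, and it calls msiexec /i instead of launching the .msi directly so the exit code can be checked.

```powershell
# Added example: pre-flight checks, silent install and service check for the steps above.
# Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)] [string]$Manager,          # IP address or hostname of the Wazuh manager
    [string]$MsiPath = '.\wazuh-agent-4.12.0-1.msi',  # installer downloaded in Step 1
    [string]$ExpectedSigner = 'Wazuh'                 # assumption: publisher name in the signing certificate
)
$ErrorActionPreference = 'Stop'

# 1. Prerequisite: the endpoint must reach the manager on the three ports the page lists.
$blocked = foreach ($port in 1514, 1515, 55000) {
    $r = Test-NetConnection -ComputerName $Manager -Port $port -WarningAction SilentlyContinue
    if (-not $r.TcpTestSucceeded) { $port }
}
if ($blocked) { throw "Manager $Manager unreachable on TCP port(s): $($blocked -join ', ')" }

# 2. Refuse an installer whose signature is missing, broken or from another publisher.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') { throw "Signature on $MsiPath is '$($sig.Status)'; not installing." }
if ($sig.SignerCertificate.Subject -notmatch [regex]::Escape($ExpectedSigner)) {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}
"Signed by: $($sig.SignerCertificate.Subject)"
"SHA256:    $((Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash)"   # keep for your records

# 3. Step 2 of the page, run through msiexec so the exit code can be checked.
$msi = (Resolve-Path $MsiPath).Path
$p = Start-Process -FilePath msiexec.exe -Wait -PassThru `
        -ArgumentList "/i `"$msi`" /q WAZUH_MANAGER=`"$Manager`""
if ($p.ExitCode -ne 0) { throw "msiexec exited with code $($p.ExitCode)" }

# 4. Start the service with the page's command, then confirm it is running.
net start Wazuh
$running = Get-Service | Where-Object {
    ($_.Name -like 'Wazuh*' -or $_.DisplayName -like 'Wazuh*') -and $_.Status -eq 'Running'
}
if (-not $running) { throw 'Wazuh service is not running.' }
$running | Format-Table Name, DisplayName, Status
```

A failure at step 1 points to a firewall or routing problem between the endpoint and the manager, which would otherwise only show up later as an agent missing from the dashboard.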