This lab demonstrates an alternative approach: deploying a dedicated probe server in promiscuous mode, equipped with Suricata and a Wazuh agent, in order to detect multiple categories of web attacks without installing any agent on the target application server.
The question less of whether Wazuh has every capability out of the box. But more of whether your team does.
This time I configured Wazuh to detect a SYN flood attack using a custom rule and a custom decoder that extracts the attacker’s IP from iptables kernel logs.
SOC lab to simulate a realistic phishing based attack chain and explore how Security Operations Center teams can detect malicious activity using endpoint telemetry and SIEM correlation with Wazuh.
The post explains how to integrate Stormshield firewall logs into Wazuh by creating custom decoders and rules, since they are not supported natively.
This note is for people who try to deploy wazuh on ubuntu server 24.04
The article explains how to reduce alert noise with Wazuh, proactively detect threats, and reinvest savings into team training.
This guide outlines the complete process of integrating a Sophos XG/XGS Firewall with the Wazuh SIEM platform.