Extending Wazuh Threat Intelligence with OpenCTI and Retro-Hunting

June 25th 2026 / Ambassadors
By Federico Fantini / blog.federicofantini.net

This post documents the current version of my Wazuh-TI integration. The OpenCTI path is now handled by a small Django/Celery service that fetches indicators from OpenCTI, maintains the current export snapshot, exposes Wazuh-compatible artifacts, and runs retro-hunting queries against the Wazuh Indexer. The Wazuh manager consumes the results through a small unprivileged downloader and a few cron jobs.
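The retro-hunting step described above, as an added example that is not the author's Django/Celery service nor OpenCTI or Wazuh project code. It assumes the Wazuh Indexer is OpenSearch holding the standard wazuh-alerts-* indices, and that the alert fields named in IOC_FIELDS are the ones the relevant decoders populate (data.srcip/data.dstip for IP indicators, syscheck.sha256_after for file hashes); the mapping, the sample indicators and the sample alerts are all constructed for illustration:

```python
"""Retro-hunt a fresh indicator snapshot against historical Wazuh alerts.

Added example (not code from the post). Assumptions: the Wazuh Indexer is
OpenSearch with the usual wazuh-alerts-* index pattern, and the alert fields
in IOC_FIELDS are the ones your decoders actually fill in.
"""
from __future__ import annotations

import json
from typing import Any

# Assumed OpenCTI observable type -> Wazuh alert fields to compare it with.
IOC_FIELDS: dict[str, tuple[str, ...]] = {
    "ipv4-addr": ("data.srcip", "data.dstip"),
    "sha256": ("syscheck.sha256_after", "data.sha256"),
}


def build_retrohunt_query(iocs: dict[str, list[str]], lookback: str = "now-30d",
                          size: int = 1000) -> dict[str, Any]:
    """Build one _search body for POST /wazuh-alerts-*/_search.

    One `terms` clause per (IOC type, field) pair, OR-ed together and bounded
    by the lookback window, so a snapshot of thousands of indicators becomes a
    single query instead of one round trip per indicator.
    """
    should = [
        {"terms": {field: sorted(values)}}
        for ioc_type, values in iocs.items()
        for field in IOC_FIELDS.get(ioc_type, ())
        if values
    ]
    if not should:
        raise ValueError("no indicator type in the snapshot maps to an alert field")
    return {
        "size": size,
        "_source": ["timestamp", "agent.name", "rule.id", "rule.description",
                    "data.srcip", "data.dstip", "syscheck.path", "syscheck.sha256_after"],
        "sort": [{"timestamp": {"order": "desc"}}],
        "query": {
            "bool": {
                "filter": [{"range": {"timestamp": {"gte": lookback}}}],
                "should": should,
                "minimum_should_match": 1,
            }
        },
    }


def _get_path(doc: dict[str, Any], dotted: str) -> Any:
    """Resolve a dotted field name such as 'data.srcip' inside a nested alert."""
    cur: Any = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def match_alerts_locally(alerts: list[dict[str, Any]],
                         iocs: dict[str, list[str]]) -> list[dict[str, Any]]:
    """Apply the query's matching semantics to alert dicts held in memory.

    Shares IOC_FIELDS with build_retrohunt_query, so a unit test run against
    exported alerts exercises the same field mapping the live query uses, and
    each hit records which indicator matched on which field.
    """
    lookup = {
        (field, value): ioc_type
        for ioc_type, values in iocs.items()
        for field in IOC_FIELDS.get(ioc_type, ())
        for value in values
    }
    hits: list[dict[str, Any]] = []
    for alert in alerts:
        for (field, value), ioc_type in lookup.items():
            if _get_path(alert, field) == value:
                hits.append({
                    "agent": _get_path(alert, "agent.name"),
                    "rule_id": _get_path(alert, "rule.id"),
                    "timestamp": alert.get("timestamp"),
                    "field": field,
                    "ioc_type": ioc_type,
                    "ioc": value,
                })
    return hits


# Constructed sample data: an indicator snapshot (the hash is SHA-256 of the
# empty string, used only as a placeholder) and three alerts shaped like
# wazuh-alerts-* documents. None of this is a real observation.
SAMPLE_IOCS: dict[str, list[str]] = {
    "ipv4-addr": ["203.0.113.45"],
    "sha256": ["e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"],
}
SAMPLE_ALERTS: list[dict[str, Any]] = [
    {"timestamp": "2026-06-20T10:02:11.000+0000", "agent": {"name": "web-01"},
     "rule": {"id": "5710", "description": "sshd: login attempt, non-existent user"},
     "data": {"srcip": "203.0.113.45"}},
    {"timestamp": "2026-06-21T03:14:00.000+0000", "agent": {"name": "db-02"},
     "rule": {"id": "554", "description": "File added to the system."},
     "syscheck": {"path": "/tmp/.cache/update",
                  "sha256_after": SAMPLE_IOCS["sha256"][0]}},
    {"timestamp": "2026-06-22T09:00:00.000+0000", "agent": {"name": "web-01"},
     "rule": {"id": "5710", "description": "sshd: login attempt, non-existent user"},
     "data": {"srcip": "198.51.100.7"}},
]

if __name__ == "__main__":
    print(json.dumps(build_retrohunt_query(SAMPLE_IOCS), indent=2))
    for hit in match_alerts_locally(SAMPLE_ALERTS, SAMPLE_IOCS):
        print(hit)
```

The dict returned by build_retrohunt_query is the JSON body you would POST to https://<indexer>:9200/wazuh-alerts-*/_search with read-only indexer credentials; the `_source` list keeps responses small and `size` caps the result set so a noisy indicator cannot pull back the whole index. Keeping the local matcher and the query builder on one field mapping means that a decoder change which breaks the live query also breaks the unit test.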

AI-Powered Wazuh: A Virtual SOC Analyst for Your SIEM

June 24th 2026 / Ambassadors
By Jędrzej Boguszyński / jedrzejboguszynski.pl

Anyone who’s worked with a SIEM system knows the feeling: 7:00 am, you’ve just arrived at work, and your screen is lit up with dozens of alerts. You try to quickly connect the dots: is this repeated failed login simply an employee forgetting their password, or the beginning of a brute-force attack? Wazuh is a platform that offers powerful threat detection capabilities, but even the best tool needs dedicated staff. Unfortunately, in companies (especially smaller ones), there’s often only one person responsible for security. Security monitoring is often a sideline for IT administrators, who are already swamped with infrastructure maintenance and don’t have time to properly verify alerts because other things constantly distract them.

Companion Reference — Zabbix–Wazuh Integration Guide

June 23rd 2026 / Ambassadors
By Michael Theumert / GitHub

This document is the step-by-step implementation companion to the six-part article series Monitoring Wazuh with Zabbix. Where the series explains the reasoning — why monitoring is designed the way it is, what failure scenarios each check addresses, how to think about alerting and operational ownership — this reference provides the instructions.

Wazuh SIEM Docker Container Monitoring Lab

June 23rd 2026 / Ambassadors
By Maryam Liaqat / Medium

This document provides a complete technical walkthrough of setting up Docker container monitoring using Wazuh SIEM on an AWS EC2 instance. The lab demonstrates how Wazuh can detect and alert on Docker container lifecycle events, suspicious activity such as shell sessions, and container deletions in real time.

Detecting Rogue MCP Servers and Shadow AI Agents on Endpoints with Wazuh

June 19th 2026 / Ambassadors
By Nadim Saliby / Nadim Saliby's blog

Filesystem servers, GitHub servers, database servers, internal-API servers, shell servers. The default configuration on most of these clients lets the agent invoke MCP tools without explicit per-call human approval, because the alternative is a modal dialog every two seconds and nobody would ship that.

Almost nobody is monitoring those servers.

Wazuh 4.X High Availability & Deployment Decision Guide

June 18th 2026 / Ambassadors
By Aram Evinyan / LinkedIn

Most Wazuh deployments start as a quick all-in-one install. It works. Then at 3am, the disk fills up, the indexer crashes, and nobody knows an attacker walked into three servers while the SIEM was blind. That is the moment people learn why HA matters — but it should not be learned that way.

This guide is built from real deployment experience. Every recommendation here is something that broke at least once in production without it.

How to meet compliance requirements using open source? The role of the Wazuh system in the modern enterprise

June 17th 2026 / Ambassadors
By Jędrzej Boguszyński / jedrzejboguszynski.pl

A modern approach to cybersecurity no longer requires purchasing astronomically expensive, proprietary systems. The open source world, led by the Wazuh platform, comes to the rescue. In this article, we’ll examine how this single, flexible tool allows for seamless, budget-friendly adaptation of a company’s infrastructure to the requirements of NIS2 and the Polish KSC2.
