Rustinel EDR + Wazuh

June 29th 2026 / Ambassadors
By Hanif Kurniawan Atmanto / Medium

Deploying an open-source EDR on Linux and Windows and shipping its alerts into Wazuh

Wazuh Agent Enrollment & Connection Types

June 27th 2026 / Ambassadors
By Aram Evinyan / LinkedIn

This guide provides a structured overview of how Wazuh agents securely enroll with the manager, compares authentication methods, and explains the advantages and trade-offs of each approach.

Ingesting InsecureWeb Threat Intelligence with Wazuh SIEM for Real-Time IOC Detection

June 25th 2026 / Ambassadors
By Muhammad Moiz Ud Din Rafay / Medium

This project demonstrates the integration of InsecureWeb Threat Intelligence feeds with Wazuh SIEM to enhance threat detection capabilities. By importing threat intelligence indicators into Wazuh’s CDB (Constant Database) lists and creating custom correlation rules, the SIEM can automatically identify malicious activity observed within collected logs and generate high-priority alerts.

Extending Wazuh Threat Intelligence with OpenCTI and Retro-Hunting

June 25th 2026 / Ambassadors
By Federico Fantini / blog.federicofantini.net

This post documents the current version of my Wazuh-TI integration. The OpenCTI path is now handled by a small Django/Celery service that fetches indicators from OpenCTI, maintains the current export snapshot, exposes Wazuh-compatible artifacts, and runs retro-hunting queries against the Wazuh Indexer. The Wazuh manager consumes the results through a small unprivileged downloader and a few cron jobs.

AI-Powered Wazuh: A Virtual SOC Analyst for Your SIEM

June 24th 2026 / Ambassadors
By Jędrzej Boguszyński / jedrzejboguszynski.pl

Anyone who’s worked with a SIEM system knows the feeling: 7:00 am, you’ve just arrived at work, and your screen is lit up with dozens of alerts. You try to quickly connect the dots: is this repeated failed login simply an employee forgetting their password, or the beginning of a brute-force attack? Wazuh is a platform that offers powerful threat detection capabilities, but even the best tool needs dedicated staff. Unfortunately, in companies (especially smaller ones), there’s often only one person responsible for security. Security monitoring is often a sideline for IT administrators, who are already swamped with infrastructure maintenance and don’t have time to properly verify alerts because other things constantly distract them.

Companion Reference — Zabbix–Wazuh Integration Guide

June 23rd 2026 / Ambassadors
By Michael Theumert / GitHub

This document is the step-by-step implementation companion to the six-part article series Monitoring Wazuh with Zabbix. Where the series explains the reasoning — why monitoring is designed the way it is, what failure scenarios each check addresses, how to think about alerting and operational ownership — this reference provides the instructions.

Wazuh SIEM Docker Container Monitoring Lab

June 23rd 2026 / Ambassadors
By Maryam Liaqat / Medium

This document provides a complete technical walkthrough of setting up Docker container monitoring using Wazuh SIEM on an AWS EC2 instance. The lab demonstrates how Wazuh can detect and alert on Docker container lifecycle events, suspicious activity such as shell sessions, and container deletions in real time.
