INTEGRATION OF POWERSHELL WITH WAZUH AND BASIC ANALYSIS OF POWERSHELL COMMANDS — COMPREHENSIVE GUIDE
In this article, I will walk you through the process of integrating PowerShell with the Wazuh SIEM system.
Wazuh is a security platform that offers unified XDR (Extended Detection and Response) and SIEM (Security Information and Event Management) protection for endpoints and cloud workloads. It consists of a single universal agent and three main…
In this guide, I will show you how to turn Wazuh combined with Sysmon into a powerful detection engine that alerts you the moment a legitimate tool is used to upload data out of your network.
STRONTIUM is a Russian-based threat actor associated with the Russian General Staff Main Intelligence Directorate (GRU) and operates under the name Forest Blizzard. Forest Blizzard has also utilized a custom post-compromise tool named…
In an era where cyber threats are growing in sophistication, organizations need robust, scalable, and intelligent security solutions to protect their infrastructure. Wazuh, an open-source Extended Detection and Response (XDR) and Security…
This integration allows Wazuh to automatically check the reputation of any file detected during FIM scans by sending its hash to VirusTotal.
Re-indexing turns out to be the unexpected cause, and the effect can be an indexer cluster running out of shards or disk space due to older indexes not being deleted when intended. The solution requires a different approach to Wazuh ILM.
Integrating Keycloak with Wazuh transforms how identity and access management events are monitored. This integration not only provides visibility into authentication and administrative activity but also strengthens your organization’s security posture through real-time alerting, auditing, and compliance tracking.