Automated DoS Mitigation
This time I configured Wazuh to detect a SYN flood attack using a custom rule and a custom decoder that extracts the attacker's IP from iptables kernel logs.
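The pieces such a setup needs, as an added illustration that is not the author's configuration: a custom decoder that pulls the source address out of an iptables kernel log line, a frequency rule that fires when one address produces too many of those events, and an active-response entry that blocks it. The rule IDs, the `SYN-FLOOD:` log prefix and the thresholds are assumptions; they are not taken from the page.

```xml
<!-- Assumed netfilter rule feeding the kernel log (not from the page):
     iptables -A INPUT -p tcp --syn -m limit --limit 20/s -j LOG --log-prefix "SYN-FLOOD: "
     Resulting line (constructed sample):
     kernel: SYN-FLOOD: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP SPT=40000 DPT=80 SYN -->

<!-- /var/ossec/etc/decoders/local_decoder.xml -->
<decoder name="iptables-syn">
  <program_name>^kernel</program_name>
  <prematch>SYN-FLOOD: </prematch>
</decoder>

<decoder name="iptables-syn-fields">
  <parent>iptables-syn</parent>
  <!-- OS_Regex syntax: \d is a digit, '.' is literal in this position -->
  <regex offset="after_prematch">SRC=(\d+.\d+.\d+.\d+) DST=(\d+.\d+.\d+.\d+)</regex>
  <order>srcip, dstip</order>
</decoder>

<!-- /var/ossec/etc/rules/local_rules.xml (custom IDs must be in 100000-120000) -->
<group name="syn_flood,local,">
  <rule id="100100" level="3">
    <decoded_as>iptables-syn</decoded_as>
    <description>iptables logged a SYN packet from $(srcip)</description>
  </rule>

  <!-- assumed threshold: 50 logged SYNs from one address within 10 seconds -->
  <rule id="100101" level="10" frequency="50" timeframe="10">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>Possible SYN flood from $(srcip)</description>
    <group>attack,</group>
  </rule>
</group>

<!-- /var/ossec/etc/ossec.conf on the manager: block the address for 10 minutes -->
<active-response>
  <command>firewall-drop</command>
  <location>local</location>
  <rules_id>100101</rules_id>
  <timeout>600</timeout>
</active-response>
```

Test the decoder with `/var/ossec/bin/wazuh-logtest` before enabling the active response: paste the sample line and confirm that `srcip` is populated, otherwise `same_source_ip` can never correlate and rule 100101 will never fire. Keep the `-m limit` on the LOG target, since an unthrottled flood would otherwise drown the agent in its own log volume.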
The post explains how to integrate Stormshield firewall logs into Wazuh by creating custom decoders and rules, since they are not supported natively.
This note is for people deploying Wazuh on Ubuntu Server 24.04.
The article explains how to reduce alert noise with Wazuh, proactively detect threats, and reinvest savings into team training.
This guide outlines the complete process of integrating a Sophos XG/XGS Firewall with the Wazuh SIEM platform.
This project transforms a decommissioned low-cost TV Box into an operational network security node, combining DNS-level threat blocking with deep packet inspection, centralized log aggregation, and external threat intelligence enrichment.
The article explains how to integrate Stormshield firewall logs into Wazuh by creating custom decoders and rules to properly parse data, enable accurate alerting, and improve detection and response capabilities.
In this article, a fine line will be drawn between these two statements, specific architectural and compliance shortcomings will be identified that need to be addressed by security engineers, and a cost analysis will be provided for small healthcare organizations and SMEs considering Wazuh as a budget-friendly alternative.