The article shows how to use Wazuh to centrally distribute and manage Sysmon configurations across multiple endpoints, enabling consistent deployments and reducing manual administration.

How I combined LangGraph, Ollama, and a locally hosted LLM to create an on-call diagnostic assistant that SSHes into my Wazuh fleet and answers questions in plain English — from my phone.

Blocking the attacker’s IP is good. Locking the targeted account at the same time is better because IPs can change, accounts can’t escape a lock.
This tutorial shows how to configure two Wazuh active responses that fire simultaneously on a single brute-force detection: firewall-drop + disable-account.

A complete, reproducible Wazuh homelab setup that automates TI feed ingestion, normalizes & deduplicates indicators, updates Wazuh CDB lists, correlates with Sysmon/Suricata telemetry, and sends alerts to Discord.

Curated list of Wazuh resources, tools, and integrations in GitHub

German – If you run the Wazuh Indexer on a hardened Ubuntu 24.04 server, you encounter an apparent issue after every apt upgrade: needrestart reports that the Wazuh Indexer needs to be restarted, even though the service is running stably and the installed updates have nothing to do with the indexer.

In this article I will show, step by step, how to integrate the ESET Endpoint Security antivirus on Windows and ESET File Server for Linux with the Wazuh SIEM platform.

In this article I will show, step by step, how to integrate the ESET Endpoint Security antivirus on Windows and ESET File Server for Linux with the Wazuh SIEM platform.

In this series we take a parallel path: using AWS Bedrock – specifically Claude Sonnet 4.5 – as the inference backend, while all security data stays strictly within the local Docker network.