Practical Threat Hunting on Compressed Logs with DuckDB

June 3rd 2025 / Ambassadors
By Zafer Balkan / Zafer Balkan Blog

Threat hunting and incident response demand quick and adaptable access to logs, particularly in environments with limited detection capabilities or evolving infrastructure maturity.

Supercharge Wazuh Active Response with CoPilot: No More Limits!

June 1st 2025 / Ambassadors
By Taylor Walton / YouTube

In this video, explore a smarter and more flexible way to use Wazuh’s active response. Learn how to bypass built-in limitations, trigger responses via Graylog and Copilot APIs, run custom scripts like DNS sinkholing, and automate actions with powerful Graylog alerts.

Master Sysmon Config Management with CoPilot & Wazuh!

May 31st 2025 / Ambassadors
By Taylor Walton / YouTube

Learn how to dynamically manage Sysmon configurations across multiple customers using CoPilot and Wazuh in this step-by-step video guide!

From alert to ticket without lifting a finger

May 21st 2025 / Ambassadors
By Killian Prin-Abeil / Aukfood

The article describes how to automate the handling of Wazuh alerts with Tracecat: priority and severity are assigned according to IP reputation, and tickets are then created automatically with enriched comments drawn from the alert's metadata.

Optimising CTI through Wazuh and Yeti platform integration

May 7th 2025 / Ambassadors
By Ekangwo Hernandez / Medium

Cyber threats are getting smarter, and so should your defences. If you use Wazuh for security monitoring, you already know it’s a powerhouse for detecting attacks, tracking vulnerabilities, and ensuring compliance. But what if you could make it even sharper?…

Cryptographic Timestamping for Wazuh Archive Logs

May 4th 2025 / Ambassadors
By Zafer Balkan / Zafer Balkan Blog

In security monitoring environments, log files are not just activity records; they are often the primary evidence in incident response, threat investigations, and compliance audits. However, without cryptographic protections, logs can be altered, backdated…

Monitoring Chrome Browsing History on Linux with Wazuh for Enhanced Visibility

April 10th 2025 / Ambassadors
By Rodrigo Pereira / Medium

This article demonstrates how to integrate Wazuh with Google Chrome on Linux to monitor user browsing history by extracting data with SQLite and forwarding it as JSON logs. The solution enables real-time visibility for forensic analysis and incident response through automated scripting and Wazuh configuration.

Enhancing IDS Event Detection for Cisco ASA Firewalls in Wazuh 2025

February 19th 2025 / Ambassadors
By Leandro Fernandes Correia / Medium

The Cisco ASA (Adaptive Security Appliance) is a robust security solution that combines firewall, VPN, and Intrusion Detection Service (IDS) functionalities. Its IDS component generates security events in a specific format,…
