This lab demonstrates an alternative approach: deploying a dedicated probe server in promiscuous mode, equipped with Suricata and a Wazuh agent, in order to detect multiple categories of web attacks without installing any agent on the target application server.

The question less of whether Wazuh has every capability out of the box. But more of whether your team does.

This time I configured Wazuh to detect a SYN flood attack using a custom rule and a custom decoder that extracts the attacker’s IP from iptables kernel logs.

SOC lab to simulate a realistic phishing based attack chain and explore how Security Operations Center teams can detect malicious activity using endpoint telemetry and SIEM correlation with Wazuh.

This note is for people who try to deploy wazuh on ubuntu server 24.04

The article explains how to reduce alert noise with Wazuh, proactively detect threats, and reinvest savings into team training.

This guide outlines the complete process of integrating a Sophos XG/XGS Firewall with the Wazuh SIEM platform.

This project transforms a decommissioned low-cost TV Box into an operational network security node, combining DNS-level threat blocking with deep packet inspection, centralized log aggregation, and external threat intelligence enrichment.

The article explains how to integrate Stormshield firewall logs into Wazuh by creating custom decoders and rules to properly parse data, enable accurate alerting, and improve detection and response capabilities.