This project demonstrates the deployment and configuration of Wazuh as a Security Information and Event Management (SIEM) system and Host-based Intrusion Detection System (HIDS). It includes config files, automation scripts, alert samples, and dashboard screenshots for reference and reproducibility.
- Wazuh Manager & Agent setup (on Linux)
- Custom alert rules and log collection
- Sample integration with Suricata and Cowrie
- Kibana/OpenSearch dashboard visualizations
- Auto-installation script for quick deployment
- configuration/ – Wazuh Manager and Agent configuration files
- alerts/ – Sample alerts captured during malware and rule testing
- screenshot/ – Dashboards and alert views for visibility
- scripts/ – Automated installation and setup scripts
- wazuh-installation-guide.md – Step-by-step deployment instructions
A collection of real-world detections and monitoring events using Wazuh:
- Blocks known malicious IP addresses through Active Response (for example the firewall-drop command) to stop external attacks.
- Monitors repeated failed login attempts from the same source and triggers a brute-force alert.
- Detecting hidden processes: reveals stealthy or hidden processes trying to evade detection (rootcheck).
- Integrates with VirusTotal to check the hashes of suspicious files.
- Detects attempts to exploit Bash vulnerabilities such as Shellshock.
- Alerts on the execution of non-whitelisted or suspicious processes.
- Detects unauthorized changes to critical system files (File Integrity Monitoring).
- Tracks execution of known malicious or suspicious commands.
- Observes security-relevant Docker events.
- Alerts on patterns associated with SQL injection attempts in web server logs.
- Detects known software vulnerabilities on monitored hosts based on CVEs.
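Wazuh expresses the failed-login detection and IP blocking listed above as a rule with `frequency`, `timeframe` and `<same_source_ip />` that counts sshd authentication failures, paired with a `firewall-drop` Active Response. The Python below is an added example, not code from this repository, that re-implements that sliding-window correlation over a few constructed sshd log lines so the threshold, the window and the block timeout can be inspected offline. The IP addresses, log lines, thresholds and function names are assumptions for the illustration; it treats `frequency` as a literal count, so check the Wazuh ruleset documentation for how the real attribute counts before copying numbers across. It also shows two things a practitioner should test: a low-and-slow attacker pacing one attempt per minute never trips the 8-in-120-seconds threshold, and a failure that still arrives from a blocked IP means the firewall drop did not take effect.

```python
"""Sliding-window brute-force correlation, emulating a Wazuh frequency rule.

Added illustration only: not code from the wazuh-deployment project.
Thresholds, IP addresses, log lines and names below are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd lines in /var/log/auth.log syslog format (no year field).
# 203.0.113.7 hammers root, 198.51.100.9 is a user who typos once and then
# logs in, 192.0.2.50 is a low-and-slow attacker pacing one attempt per minute.
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 41002 ssh2
Mar 10 12:00:03 host sshd[2002]: Failed password for root from 203.0.113.7 port 41003 ssh2
Mar 10 12:00:05 host sshd[2003]: Failed password for root from 203.0.113.7 port 41004 ssh2
Mar 10 12:00:06 host sshd[2004]: Failed password for alice from 198.51.100.9 port 52000 ssh2
Mar 10 12:00:08 host sshd[2005]: Failed password for root from 203.0.113.7 port 41005 ssh2
Mar 10 12:00:09 host sshd[2006]: Accepted publickey for alice from 198.51.100.9 port 52001 ssh2
Mar 10 12:00:10 host sshd[2007]: Failed password for root from 203.0.113.7 port 41006 ssh2
Mar 10 12:00:12 host sshd[2008]: Failed password for root from 203.0.113.7 port 41007 ssh2
Mar 10 12:00:14 host sshd[2009]: Failed password for root from 203.0.113.7 port 41008 ssh2
Mar 10 12:00:15 host sshd[2010]: Failed password for root from 203.0.113.7 port 41009 ssh2
Mar 10 12:00:30 host sshd[2011]: Failed password for root from 192.0.2.50 port 60001 ssh2
Mar 10 12:01:30 host sshd[2012]: Failed password for root from 192.0.2.50 port 60002 ssh2
Mar 10 12:02:30 host sshd[2013]: Failed password for root from 192.0.2.50 port 60003 ssh2
Mar 10 12:03:30 host sshd[2014]: Failed password for root from 192.0.2.50 port 60004 ssh2
Mar 10 12:04:30 host sshd[2015]: Failed password for root from 192.0.2.50 port 60005 ssh2
Mar 10 12:05:00 host sshd[2016]: Failed password for root from 203.0.113.7 port 41010 ssh2
"""

# The child event a frequency rule counts (Wazuh's "sshd: authentication
# failed" match). The source IP is the field same_source_ip groups on.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """syslog timestamps carry no year; one is assumed for the constructed input."""
    return datetime.strptime(f"{year} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def correlate(log_text, frequency=8, timeframe=120, block_timeout=600):
    """Run the log through a frequency/timeframe rule with a firewall-drop style response.

    Returns (alerts, leaked): alerts fire when `frequency` failures from one IP fall
    inside `timeframe` seconds; leaked lists failures that still arrived from an IP
    during its block_timeout, which means the block did not take effect.
    """
    windows = defaultdict(deque)   # ip -> timestamps of recent failures (sliding window)
    blocked_until = {}             # ip -> when the emulated firewall-drop expires
    alerts, leaked = [], []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue               # accepted logins and other noise are not counted
        ts, ip = parse_ts(m["ts"]), m["ip"]
        if ip in blocked_until and ts < blocked_until[ip]:
            leaked.append((ts, ip))  # should have been dropped at the firewall
            continue
        window = windows[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > timeframe:
            window.popleft()       # forget failures older than the timeframe
        if len(window) >= frequency:
            alerts.append({"ip": ip, "time": ts, "count": len(window),
                           "description": "sshd: brute force attempt from a single source"})
            blocked_until[ip] = ts + timedelta(seconds=block_timeout)
            window.clear()         # start counting afresh once the response has fired
    return alerts, leaked


if __name__ == "__main__":
    alerts, leaked = correlate(SAMPLE_LOG)
    for a in alerts:
        print(f"ALERT   {a['time']:%H:%M:%S} {a['ip']} {a['count']} failures: {a['description']}")
    for ts, ip in leaked:
        print(f"WARNING {ts:%H:%M:%S} failure from {ip} arrived while it should have been blocked")
```

With the defaults only 203.0.113.7 raises an alert (eighth failure at 12:00:15) and its 12:05:00 attempt is reported as a leak; 192.0.2.50 stays under the threshold until `frequency` is lowered to 3, which illustrates the trade-off between catching slow attackers and alerting on ordinary users who mistype a password.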
```bash
git clone https://github.com/your-username/wazuh-deployment.git
cd wazuh-deployment
bash scripts/install_wazuh.sh
```
This project is licensed under the MIT License. You are free to use, modify, and distribute it with attribution.
Ijaz Ahmad, Cybersecurity Engineer | Blue Team Specialist
📧 Email: [email protected]
🌐 [LinkedIn Profile](https://linkedin.com/in/ijaz-ahmad-afridi)