Practical Wazuh and open-source SIEM tutorials
Write YARA malware detection rules from scratch: rule syntax, analyzing samples to find unique indicators, advanced PE module conditions, entropy-based packing detection, and free rule collections to get started.
Free threat intelligence sources — AlienVault OTX, Feodo tracker, VirusTotal API — with Python code to consume feeds and Wazuh integration for automatic IOC-based detection.
Top 10 SIEM detection use cases with real Wazuh rules and Splunk/Sentinel KQL — brute force, lateral movement, ransomware, data exfiltration, and credential dumping detection.
Security logging best practices — what events to log, critical Windows and Linux audit rules, building effective alerts with Wazuh, and protecting log integrity from attackers.
Learn how to implement network security monitoring using open-source tools like Zeek, Suricata, and Security Onion to detect threats on your network in real time.
Write and tune detection rules in Splunk, Elastic, and Wazuh — with real queries for brute force, ransomware, credential dumping, and lateral movement.
Learn proactive threat hunting using Splunk, Zeek, and Sysmon — with real detection queries for LOLBins, DNS tunneling, lateral movement, and C2 beaconing.
Vulnerability management is the process of continuously finding, prioritizing, and fixing security weaknesses. Learn how to set up a vulnerability management program using free tools like OpenVAS and Nessus Essentials.
A practical getting-started guide to building a free, enterprise-grade SIEM with Wazuh — covers architecture, installation on Ubuntu, agent deployment on Windows and Linux, and key out-of-the-box detections.