Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug

Command-line interface for the Wazuh REST API - agents, alerts, vulnerabilities, active response and live TUI dashboard

Enterprise-grade Wazuh SIEM/XDR + TheHive IRP deployment on WSL2 and Docker: detection engineering, MITRE ATT&CK mapping, automated active response, SOC dashboards & incident case management. Full SOC pipeline across 9 phases.

Active Response for Cloudflare API

A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for isolation handling, application registration, threat removal helpers, and desktop notifications.

Enterprise Wazuh SIEM configuration with VirusTotal & MISP threat intelligence, OPNsense & MikroTik monitoring, automated active responses, Telegram SOC alerts, custom decoders/rules, and a Dockerized syslog collector. Includes MITRE ATT&CK mappings and ready-to-import dashboards.

Wazuh EDR deployment guide - Docker single-node manager with Linux agents, active response automation and vulnerability management

SOC Zero Trust con deteccion y respuesta activa open source — TFG ASIR IES Valle Inclan 2025-2026

This SOC semi-automation project integrates Wazuh, Shuffle, IRIS, MISP, Google Chat, and Grafana to handle and respond security incidents targeting DVWA on both Windows and Ubuntu. Goals: to execute automated security workflows for event collection, alert escalation, and incident response based on administrator decisions.

Wazuh SOC home lab showcasing SIEM deployment, Windows and Linux endpoint monitoring, Sysmon, File Integrity Monitoring, custom alert tuning, and automated Active Response. Includes attack simulations, detection analysis, and Python-based SOAR-style enrichment.

Complete Wazuh YARA configuration guide

Complete Wazuh SOC Lab featuring custom DLP rules, Active Response, Telegram alerting, and advanced threat hunting dashboards.

Windows DFIR scanner for unauthorized RMM tools, living-off-the-land traces, endpoint trust health, and Watch Preview alerts.

SOC Automation Project (Wazuh, TheHive and Shuffle)

Network Intrusion Detection with Suricata integrated into Wazuh SIEM

Enterprise SIEM implementation using Wazuh with FIM, YARA malware detection, and automated Active Response

MODINE IDEAL: A High-Performance Cyber Defense & Intelligence Ecosystem. Engineered for proactive Threat Hunting, Zero-Day detection, and Automated Incident Response. Leveraging Wazuh and MITRE ATT&CK mapping to transform passive monitoring into an active security stronghold.

Wazuh Active Response Script to Add IP to `ipset` List

Self-hosted threat feed service with reputation scoring, auto-promotion to permanent block, and FortiGate External Block List support