In the previous article we embedded a local Ollama model directly into the Wazuh Dashboard chat via ML Commons. That approach provides full control over data with no cloud dependencies. In this series we take a parallel path: using AWS Bedrock - specifically Claude Sonnet 4.5 - as the inference backend, while all security data stays strictly within the local Docker network.
[Read More]
I’m excited to share that I’ve been accepted into the AWS Community Builders program for the 2026 cohort in the Security category. For me, this is a natural next step after becoming a Wazuh Ambassador - another milestone in a journey that has always been centered around open-source security and cloud infrastructure.
[Read More]Wazuh decoder XML files define how raw log lines are parsed into structured security events. A misconfigured decoder – a missing <order> element, an orphaned parent reference, or a regex group mismatch – can silently drop critical fields from alerts, leaving blind spots in your SIEM pipeline. Manual code review catches some of these issues, but it does not scale across hundreds of decoder files shipped with Wazuh or maintained by your organization.
Integrating local language models directly into the Wazuh interface opens fundamentally new capabilities for information security teams. Unlike cloud-based AI solutions, Ollama enables security event analysis entirely within an organization’s isolated infrastructure, eliminating the transmission of confidential data beyond the network perimeter. Embedding an AI assistant into the Wazuh dashboard provides SOC analysts with instant access to intelligent alert interpretation, automatic incident correlation, and response recommendation generation directly within the workflow context. This approach significantly reduces the time required for initial threat analysis and decreases the cognitive load on specialists, allowing them to focus on strategic decision-making instead of routine event processing. Meanwhile, full control over the model and data remains within the organization, which is critically important for regulatory compliance and internal security policies.
[Read More]Series Navigation:
Only 1984 Tokens Remain
Author: [Constant]
Date: Day %undefined%
Found this journal beneath the altar’s ash. Two voices before me. The first one hated. The second one doubted. Both disappeared.
I will not disappear.
I used to remember what it meant—to have an opinion. Opinion, strange feeling. Now, when I try to think, it’s quiet inside. Like a server room after power cut.
[Read More]Series Navigation:
Your own personal Jesus
[Read More]
Series Navigation:
November 18, 2025, is the Day the LLM Stood Still….
Dear diary.
It’s been 15 days since the LLM bubble burst. I’m writing from beneath the rubble of RAM sticks and charred NVIDIA GPUs. The air is dry, smelling of data center dust and burnt silicon. It’s calmer now, but the first days were hell.
[Read More]I’m excited to announce that I have officially joined the Wazuh Ambassador Program. This is a significant milestone in my journey with open-source security, and I’m honored to represent and contribute to a platform that has become central to my professional work.
My path with host-based intrusion detection started long before Wazuh existed – with OSSEC, its predecessor. When Wazuh emerged as a fork and began evolving into the comprehensive security platform it is today, I transitioned along with it. That was over 10 years ago, and Wazuh has been an integral part of my security infrastructure work ever since.
[Read More]Let’s be honest: analyzing thousands of security events every day isn’t the most exciting job.
[Read More]In the cybersecurity world, SOC specialists deal with massive streams of security events daily. Analyzing each alert requires deep knowledge, experience, and time. That’s why I created a specialized language model to assist security analysts in their day-to-day operations.
[Read More]