I’m excited to announce that I have officially joined the Wazuh Ambassador Program. This is a significant milestone in my journey with open-source security, and I’m honored to represent and contribute to a platform that has become central to my professional work.
My Journey with Wazuh
My path with host-based intrusion detection started long before Wazuh existed – with OSSEC, its predecessor. When Wazuh emerged as a fork and began evolving into the comprehensive security platform it is today, I transitioned along with it. That was over 10 years ago, and Wazuh has been an integral part of my security infrastructure work ever since.
What started as implementing SIEM solutions for enterprise environments evolved into active contributions to the ecosystem. Over the years, I’ve gained deep experience in deploying Wazuh across various environments – from small startups to large enterprise infrastructures with thousands of agents.
Open-Source Contributions to Wazuh Ecosystem
Throughout my journey, I’ve developed several open-source tools that extend Wazuh capabilities:
- docker-wazuh-agent - A containerized Wazuh agent solution that simplifies deployment in Docker and Kubernetes environments
- wazuh-prometheus-exporter - Enabling Wazuh metrics integration with Prometheus for comprehensive observability
- wazuh-llama-3.1-8B-v1 - LLaMA 3.1 8B Instruct model fine-tuned for advanced Wazuh security log analysis with instruction-following capabilities
- hf/wazuh-llama-3.1-8B-assistant - Hugging Face-hosted LLaMA 3.1 8B Instruct model fine-tuned for advanced Wazuh security log analysis with instruction-following capabilities
- Custom rule development and integration patterns for enterprise security operations
These projects emerged from real-world challenges in deploying and operating Wazuh at scale, and I’m grateful they’ve helped others in the community.
The Wazuh Ecosystem in Depth
Understanding the full scope of the Wazuh ecosystem is essential for appreciating its role in modern security operations. Wazuh is not merely a single tool but a comprehensive platform composed of several integrated components.
The Wazuh Manager serves as the central processing engine, receiving and analyzing security data from agents deployed across the infrastructure. It correlates events against its extensive ruleset, which contains thousands of detection rules covering authentication failures, file integrity changes, rootkit detection, vulnerability assessment, and compliance monitoring.
The Wazuh Indexer, built on OpenSearch, provides the storage and search backend for all security events. This enables security teams to perform historical analysis, create custom dashboards, and execute complex queries across millions of events. The indexer supports multi-tenant configurations, making it suitable for managed security service providers who need to isolate data between customers.
The Wazuh Dashboard offers a web-based interface for security analysts to investigate alerts, visualize trends, and manage agent deployments. Its modular design supports custom visualizations and integrations with external ticketing systems for incident management workflows.
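To make the manager's decode-then-correlate flow concrete, here is an added example of a custom decoder and rule pair in Wazuh's XML format. It is not code from the original post or from the Wazuh project; the application name "myapp", its log line format, and the rule ids 100100/100101 are constructed for illustration (custom rule ids must be 100000 or higher). The decoder extracts the user and source IP from a constructed line such as `myapp: login failed user=alice src=203.0.113.7`; the first rule fires on every failure, and the second rule correlates five failures from the same source IP within 60 seconds into a higher-severity alert, which is the frequency/timeframe pattern Wazuh's built-in brute-force rules use.

```xml
<!-- Added example: goes in /var/ossec/etc/decoders/local_decoder.xml -->
<!-- Parent decoder: claims any line that starts with the constructed "myapp: " prefix -->
<decoder name="myapp">
  <prematch>^myapp: </prematch>
</decoder>

<!-- Child decoder: pulls the user name and source IP out of the failed-login line -->
<decoder name="myapp-login-failed">
  <parent>myapp</parent>
  <regex offset="after_parent">^login failed user=(\S+) src=(\S+)</regex>
  <order>user, srcip</order>
</decoder>

<!-- Added example: goes in /var/ossec/etc/rules/local_rules.xml -->
<group name="myapp,authentication_failed,">
  <!-- Atomic rule: one alert per failed login (hypothetical id 100100) -->
  <rule id="100100" level="5">
    <decoded_as>myapp</decoded_as>
    <match>login failed</match>
    <description>myapp: login failed for user $(user) from $(srcip).</description>
  </rule>

  <!-- Correlation rule: 5 hits of rule 100100 from the same srcip within 60s -->
  <rule id="100101" level="10" frequency="5" timeframe="60">
    <if_matched_sid>100100</if_matched_sid>
    <same_source_ip />
    <description>myapp: multiple login failures from $(srcip) (possible brute force).</description>
    <mitre>
      <id>T1110</id>
    </mitre>
  </rule>
</group>
```

After adding both files, validate the decoder and rules with the manager's wazuh-logtest tool (`/var/ossec/bin/wazuh-logtest`) by pasting the constructed log line: the output should show the `myapp-login-failed` decoder, the extracted `user` and `srcip` fields, and rule 100100 firing; repeating the line five times within a minute should escalate to rule 100101. Restarting the manager (`systemctl restart wazuh-manager`) loads the new rules for live agents.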
Why Wazuh Matters for Modern Security
Wazuh has evolved significantly from its OSSEC roots into a comprehensive security platform. Today it provides:
- Unified XDR and SIEM capabilities - Single platform for threat detection, incident response, and compliance
- Cloud-native security monitoring - Native support for AWS, Azure, GCP, and Kubernetes environments
- Flexible deployment options - On-premises, cloud, or hybrid architectures
- Active community and regular updates - Continuous improvement driven by real-world security needs
For organizations looking to implement robust security monitoring without enterprise licensing costs, Wazuh provides a production-ready solution backed by professional support options.
What This Means Going Forward
As a Wazuh Ambassador, I’m committing to deeper engagement with the global security community through:
Technical Content and Knowledge Sharing
I’ll be publishing more in-depth articles covering Wazuh deployment patterns, integration strategies, and advanced use cases. Expect content on topics like:
- Multi-tenant SIEM architectures
- Wazuh integration with cloud-native security tools
- Machine learning approaches for threat detection using Wazuh data
- Performance optimization for large-scale deployments
You can already explore my existing Wazuh content, including the Wazuh Integration with Ollama series and Security Event Analysis with Wazuh LLM.
Tech Talks and Community Events
I’m looking forward to participating in conferences, webinars, and community meetups to share knowledge and learn from fellow security practitioners. Building connections within the security community is essential for advancing our collective capabilities.
Third-Party Development
Continued development of tools and integrations that extend Wazuh’s capabilities, with focus on:
- Container and Kubernetes-native solutions
- Observability and monitoring integrations
- AI/ML-powered security analysis tooling
Check out my work on Container Image Security with Wazuh and Trivy for an example of practical Wazuh integrations.
Specific Contributions and Planned Initiatives
Beyond the general commitment areas outlined above, several concrete initiatives are already underway:
Custom Wazuh Rule Packs: Development of specialized detection rule packs targeting container escape techniques, Kubernetes RBAC misconfigurations, and CI/CD pipeline security events. These rule packs will be published as open-source repositories with full documentation and testing guidelines.
Integration Blueprints: Documented architecture patterns for integrating Wazuh with popular DevOps toolchains, including GitLab CI/CD, ArgoCD, and Terraform. Each blueprint will include reference configurations, deployment scripts, and validation procedures.
Community Workshops: Planned hands-on workshop sessions covering Wazuh deployment automation, custom decoder development, and advanced rule writing techniques. These sessions will be designed for both beginners and experienced practitioners seeking to deepen their Wazuh expertise.
Resources for Getting Started with Wazuh
If you’re new to Wazuh or looking to expand your knowledge, here are some resources:
- Official Wazuh Documentation - Comprehensive guides and reference materials
- Wazuh GitHub Repository - Source code and community contributions
- Wazuh Documentation RAG - My guide on building AI-powered documentation search
- MARK Security Platform - Threat intelligence platform with native Wazuh integration
Connect with Me
If you’re working with Wazuh or exploring open-source SIEM solutions, I’d love to connect. Whether you’re facing deployment challenges, looking for integration ideas, or want to collaborate on community projects – reach out.
Here’s to building more secure infrastructure together.
Follow my work on GitHub and Telegram, and stay tuned for upcoming technical content.