Wazuh decoder XML files define how raw log lines are parsed into structured security events. A misconfigured decoder – a missing <order> element, an orphaned parent reference, or a regex group mismatch – can silently drop critical fields from alerts, leaving blind spots in your SIEM pipeline. Manual code review catches some of these issues, but it does not scale across hundreds of decoder files shipped with Wazuh or maintained by your organization.
Ollama in Wazuh Dashboard: AI Security Analysis
Introduction
Integrating local language models directly into the Wazuh interface opens fundamentally new capabilities for information security teams. Unlike cloud-based AI solutions, Ollama enables security event analysis entirely within an organization’s isolated infrastructure, eliminating the transmission of confidential data beyond the network perimeter. Embedding an AI assistant into the Wazuh dashboard provides SOC analysts with instant access to intelligent alert interpretation, automatic incident correlation, and response recommendation generation directly within the workflow context. This approach significantly reduces the time required for initial threat analysis and decreases the cognitive load on specialists, allowing them to focus on strategic decision-making instead of routine event processing. Meanwhile, full control over the model and data remains within the organization, which is critically important for regulatory compliance and internal security policies.
[Read More]Two LLM Security Assistants for Wazuh and AWS Analysis
When Your SOC Analyst Can’t Keep Up (Or Just Needs a Break)
Let’s be honest: analyzing thousands of security events every day isn’t the most exciting job.
[Read More]Wazuh LLM: Fine-Tuned Llama 3.1 for Security Analysis
Introducing Wazuh LLM: Why Specialized Security Analysis Matters
In the cybersecurity world, SOC specialists deal with massive streams of security events daily. Analyzing each alert requires deep knowledge, experience, and time. That’s why I created a specialized language model to assist security analysts in their day-to-day operations.
[Read More]Enhancing Wazuh with Ollama: Cybersecurity Boost (Part 4)
Continuing the Series: Integrating a Wazuh Cluster with Ollama — Part 4. Configuration and Implementation
Related: Check out our Wazuh LLM fine-tuned model for specialized security event analysis.
[Read More]Enhancing Wazuh with Ollama: Cybersecurity Boost (Part 3)
Wazuh and Ollama: Part 3. Creating Integration Between Your Wazuh Cluster and Ollama
Wazuh offers vast and nearly limitless possibilities for integration with various systems. Even if a specific feature is missing, you can always create your own custom integration.
[Read More]Enhancing Wazuh with Ollama: Cybersecurity Boost (Part 2)
Wazuh and Ollama: Part 2. Deploying the Wazuh Cluster
Now it’s time to set up Wazuh, which we will integrate with Ollama.
[Read More]Enhancing Wazuh with Ollama: Cybersecurity Boost (Part 1)
How to Set Up a Custom Integration between Wazuh and MARK
Introduction
Integrating Wazuh SIEM with MARK (Mitigation Anomaly Revelation Keeper) enables automated threat detection and enriches security alerts with intelligence data. This guide walks you through setting up a custom integration for enhanced SOC operations.
[Read More]Mitigation Anomaly Revelation Keeper(MARK)
Overview
Mitigation Anomaly Revelation Keeper (MARK) is an advanced security platform designed to proactively defend against cyber threats by leveraging cutting-edge IP reputation analysis and machine learning. With a focus on identifying and neutralizing malicious actors, MARK offers unparalleled insight into attacker behavior and statistical trends to fortify your organization’s defenses.
[Read More]