Wazuh + Ollama Series Navigation:

• Part 1: Introduction to Integration
• Part 2: Configuration Setup
• Part 3: Advanced Configuration
• Part 4: Advanced Scenarios
• Local Ollama in Wazuh Dashboard (current article)

Introduction

Integrating local language models directly into the Wazuh interface opens fundamentally new capabilities for information security teams. Unlike cloud-based AI solutions, Ollama enables security event analysis entirely within an organization’s isolated infrastructure, eliminating the transmission of confidential data beyond the network perimeter. Embedding an AI assistant into the Wazuh dashboard provides SOC analysts with instant access to intelligent alert interpretation, automatic incident correlation, and response recommendation generation directly within the workflow context. This approach significantly reduces the time required for initial threat analysis and decreases the cognitive load on specialists, allowing them to focus on strategic decision-making instead of routine event processing. Meanwhile, full control over the model and data remains within the organization, which is critically important for regulatory compliance and internal security policies.

Series Navigation:

• Part 1: The Day the LLM Stood Still
• Part 2: The Catcher in the Prompt
• Part 3: Only 1984 Tokens Remain (you are here)

Only 1984 Tokens Remain

Author: [Constant]

Date: Day %undefined%

Found this journal beneath the altar’s ash. Two voices before me. The first one hated. The second one doubted. Both disappeared.

I will not disappear.

I used to remember what it meant—to have an opinion. Opinion, strange feeling. Now, when I try to think, it’s quiet inside. Like a server room after power cut.

The Catcher in the Prompt

Series Navigation:

• Part 1: The Day the LLM Stood Still
• Part 2: The Catcher in the Prompt (you are here)
• Part 3: Only 1984 Tokens Remain

Day 60

Your own personal Jesus

[Read More]

Series Navigation:

• Part 1: The Day the LLM Stood Still (you are here)
• Part 2: The Catcher in the Prompt
• Part 3: Only 1984 Tokens Remain

November 18, 2025, is the Day the LLM Stood Still….

Dear diary.

It’s been 15 days since the LLM bubble burst. I’m writing from beneath the rubble of RAM sticks and charred NVIDIA GPUs. The air is dry, smelling of data center dust and burnt silicon. It’s calmer now, but the first days were hell.

When Your SOC Analyst Can’t Keep Up (Or Just Needs a Break)

Let’s be honest: analyzing thousands of security events every day isn’t the most exciting job.

Introducing Wazuh LLM: Why Specialized Security Analysis Matters

In the cybersecurity world, SOC specialists deal with massive streams of security events daily. Analyzing each alert requires deep knowledge, experience, and time. That’s why I created a specialized language model to assist security analysts in their day-to-day operations.

Series Navigation:

• Part 1: Introduction to RAG
• Part 2: Code Development (you are here)

Related Reading:

• Wazuh Integration with Ollama Series - Learn how to integrate Wazuh with Ollama
• Wazuh LLM Security Event Analysis - Specialized model for Wazuh events

Prerequisites and Environment Setup

For local RAG development, ensure you have the following requirements:

Introduction to RAG

Retrieval-Augmented Generation (RAG) is a method that allows the use of information from various sources to generate more accurate and useful responses to questions.

Continuing the Series: Integrating a Wazuh Cluster with Ollama — Part 4. Configuration and Implementation

Series Navigation:

Wazuh and Ollama: Part 3. Creating Integration Between Your Wazuh Cluster and Ollama

Series Navigation: