Two AI Assistants for Cybersecurity: Wazuh and AWS Under the LLM Microscope

 Posted on October 7, 2025  |  8 minutes  |  1703 words  |  pyToshka  • Other languages: Русский

When Your SOC Analyst Can’t Keep Up (Or Just Needs a Break)

Let’s be honest: analyzing thousands of security events every day isn’t the most exciting job.

[Read More]
devsecops  wazuh  aws  security  ai  llm  ollama  machine learning  threat detection  automation  cloud security  huggingface 

Introducing Wazuh LLM: Fine-Tuned Llama 3.1 for Security Event Analysis

 Posted on October 2, 2025  (Last modified on October 3, 2025)  |  9 minutes  |  1916 words  |  pyToshka  • Other languages: Русский

Introducing Wazuh LLM: Why Specialized Security Analysis Matters

In the cybersecurity world, SOC specialists deal with massive streams of security events daily. Analyzing each alert requires deep knowledge, experience, and time. That’s why I created a specialized language model to assist security analysts in their day-to-day operations.

[Read More]
devsecops  wazuh  security  research  devops  llm  ollama  machine learning  cybersecurity  automation  monitoring  incident response  threat intelligence  security operations  log analysis  ai  fine-tuning  MITRE ATT&CK 

Boosting Container Image Security Using Wazuh and Trivy

 Posted on March 28, 2025  (Last modified on October 2, 2025)  |  5 minutes  |  941 words  |  pyToshka  • Other languages: Русский

This article draws inspiration from the Wazuh blog post on enhancing container image security with Wazuh and Trivy.

Containerization has revolutionized software development and deployment, offering scalability and efficiency.

However, this agility can introduce security risks if container images aren’t properly secured.

Vulnerabilities within these images can expose your entire system to threats. This is where the combined power of Wazuh and Trivy comes in.

These open-source tools provide a comprehensive solution for boosting your container image security, ensuring your applications are protected from the ground up.

[Read More]
container security  vulnerability scanning  image scanning  cve detection  security monitoring  wazuh  docker security  devsecops  vulnerability management  security best practices  trivy integration  container runtime security  kubernetes security  compliance scanning 

Applying RAG for Working with Wazuh Documentation: A Step-by-Step Guide (Part 2)

 Posted on March 5, 2025  (Last modified on October 2, 2025)  |  5 minutes  |  1002 words  |  pyToshka  • Other languages: Русский

Series Navigation:

Related Reading:

Prerequisites and Environment Setup

For local RAG development, ensure you have the following requirements:

[Read More]
devsecops  wazuh  security  devops  llm  LLMs for documentation  ollama  machine learning  cybersecurity  RAG  Retrieval-Augmented Generation  ai 

Applying RAG for Wazuh Documentation: A Step-by-Step Guide (Part 1)

 Posted on March 2, 2025  (Last modified on October 2, 2025)  |  4 minutes  |  659 words  |  pyToshka  • Other languages: Русский

Introduction to RAG

Retrieval-Augmented Generation (RAG) is a method that allows the use of information from various sources to generate more accurate and useful responses to questions.

[Read More]
devsecops  wazuh  security  devops  llm  LLMs for documentation  ollama  machine learning  cybersecurity  RAG  Retrieval-Augmented Generation  NLP for documentation  RAG for Wazuh  ai 

Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 4)

 Posted on March 1, 2025  (Last modified on October 2, 2025)  |  7 minutes  |  1344 words  |  pyToshka  • Other languages: Русский

Continuing the Series: Integrating a Wazuh Cluster with Ollama — Part 4. Configuration and Implementation

Series Navigation:

[Read More]
devsecops  wazuh  security  research  devops  llm  ollama  machine learning  cybersecurity  automation  monitoring  incident response  threat intelligence  security operations  log analysis  ai 

Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 3)

 Posted on February 27, 2025  (Last modified on October 2, 2025)  |  4 minutes  |  849 words  |  pyToshka  • Other languages: Русский

Wazuh and Ollama: Part 3. Creating Integration Between Your Wazuh Cluster and Ollama

Series Navigation:

[Read More]
devsecops  wazuh  security  research  devops  llm  ollama  machine learning  cybersecurity  automation  monitoring  incident response  threat intelligence  security operations  log analysis  ai 

Enhancing Wazuh with Ollama: Boosting Cybersecurity (Part 2)

 Posted on February 26, 2025  (Last modified on October 2, 2025)  |  4 minutes  |  640 words  |  pyToshka  • Other languages: Русский

Wazuh and Ollama: Part 2. Deploying the Wazuh Cluster

Series Navigation:

[Read More]
devsecops  wazuh  security  research  devops  llm  ollama  machine learning  cybersecurity  automation  monitoring  incident response  threat intelligence  security operations  log analysis  ai 

Enhancing Wazuh with Ollama: A Cybersecurity Boost (Part 1)

 Posted on February 24, 2025  (Last modified on October 2, 2025)  |  3 minutes  |  570 words  |  pyToshka  • Other languages: Русский

Introduction

Welcome to the first part of our guide on enhancing Wazuh with Ollama!

[Read More]
devsecops  wazuh  security  research  devops  llm  ollama  machine learning  cybersecurity  automation  monitoring  incident response  threat intelligence  security operations  log analysis  ai 

How to Set Up a Custom Integration between Wazuh and MARK

 Posted on December 17, 2024  (Last modified on October 2, 2025)  |  2 minutes  |  411 words  |  pyToshka  • Other languages: Русский

Introduction

Integrating Wazuh SIEM with MARK (Mitigation Anomaly Revelation Keeper) enables automated threat detection and enriches security alerts with intelligence data. This guide walks you through setting up a custom integration for enhanced SOC operations.

[Read More]
devsecops  wazuh  security  mark  devops  ml  ai  integration  siem  threat detection  incident response  automation