Hands-on detection engineering and security monitoring with Wazuh
Collection of articles focused on my best practices
Explore my work. đ¸
Detecting User Creation and Privilege Escalation on Windows
In this part, we implement detection and alerting for user creation and privilege assignment activities on Windows systems …
Agent Onboarding on Linux with Bash
This simple Bash script helps deploy Wazuh agents on Linux systems …
Investigation of User Creation and Privilege Escalation on Linux
Letâs see how to configure the SIEM to detect and alert on user creation and privilege assignment activities on Linux systems …
Detecting Suspicious Office 365 Emails with Wazuh
In this scenario, I demonstrate my approach for alerting on suspicious emails received in the Office 365 email ecosystem using Wazuh. The alerting logic is based on SPF/DKIM/DMARC DNS records configured on the senderâs domain …
Featured Posts
Automated File Integrity Monitoring Deployment Using Ansible on Wazuh
This solution provides a fast, structured, and repeatable way to configure file integrity monitoring across multiple Wazuh agents …
Services
Phishing Email Investigation
I analyze suspicious emails to determine whether they are legitimate, phishing attempts, or potentially malicious, and provide clear, actionable insights …