Ongoing documentation for blocks-lab
Collection of articles focused on my best practices for configuring SIEM systems
Explore my work. 🐸
SIEM Crafting
Detecting Suspicious Office 365 Emails with Wazuh
In this scenario, I demonstrate my approach for alerting on suspicious emails received in the Office 365 email ecosystem using Wazuh. The alerting logic is based on SPF/DKIM/DMARC DNS records …
Automated File Integrity Monitoring Deployment Using Ansible on Wazuh
This solution provides a fast, structured, and repeatable way to configure file integrity monitoring across multiple Wazuh agents …