🧩 Problem
I wanted to simulate a real-world security environment in my homelab where I could detect and respond to SSH brute-force attacks while also monitoring my devices.
🛠️ Solution Overview
I deployed Wazuh as a SIEM solution and configured it to detect SSH login attempts and automatically block malicious IPs.
🔧 Environment
- Ubuntu Server (Wazuh Manager)
- Linux target machine (with SSH enabled)
- Public exposure via port forwarding
🚀 Step 1: Install Wazuh
curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh && sudo bash ./wazuh-install.sh -a
After installation, I accessed the dashboard: