Intermediate Free

Detecting Suspicious Network Traffic using Wazuh

End-to-end detection of scans, brute-force, and noisy DNS from endpoint/network logs

Self-Paced by Rajneesh Gupta

Overview

This project walks you through setting up Suricata IDS integrated with the Wazuh SIEM platform to detect
suspicious network traffic. Suricata analyzes live packets and generates alerts for abnormal or malicious activity,
which are then ingested and correlated in Wazuh for centralized monitoring.

By the end of this project, you will:

  • Configure Suricata IDS on Ubuntu and forward logs to Wazuh.
  • Simulate real-world attacker techniques such as port scanning, ICMP flooding, and ARP spoofing using Kali Linux.
  • Detect, investigate, and analyze Suricata alerts in the Wazuh Dashboard.
  • Map detections to MITRE ATT&CK techniques for threat context and SOC workflows.

What You'll Learn

  • Suricata IDS Fundamentals

    Understand how Suricata detects suspicious network traffic using signatures, rulesets, and protocol analysis.

  • Wazuh Integration & Monitoring

    Learn to forward Suricata’s eve.json alerts to Wazuh for centralized monitoring, dashboards, and correlation.

  • Hands-on Attack Simulation

    Perform controlled network attacks from Kali Linux (Port Scan, ICMP Flood, ARP Spoofing) and validate detection in Wazuh.

  • Detection & Investigation

    Analyze alerts, attacker IPs, packet anomalies, and protocol behaviors in the Wazuh Dashboard, and align them with MITRE ATT&CK.
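The investigation step above starts from Suricata's eve.json alerts after Wazuh has ingested them. As an added example (not part of the course material), the script below parses a constructed set of EVE alert records, groups them by source IP, and flags a source that hits many distinct destination ports as a likely port scan; the field names follow Suricata's EVE format, while the IPs, signature text and signature_id 1000001 are constructed sample values.

```python
import json
from collections import defaultdict

def _alert(src_ip, proto, signature, dest_port=None):
    """Build one constructed EVE alert record (Suricata field names, sample values)."""
    ev = {"timestamp": "2024-01-01T10:00:00.000000+0000", "event_type": "alert",
          "src_ip": src_ip, "src_port": 40001, "dest_ip": "192.168.56.10",
          "proto": proto,
          "alert": {"action": "allowed", "signature_id": 1000001,
                    "signature": signature, "category": "Attempted Reconnaissance",
                    "severity": 2}}
    if dest_port is not None:          # ICMP alerts carry no dest_port in EVE
        ev["dest_port"] = dest_port
    return json.dumps(ev)

# Constructed sample log: a TCP probe across six ports, an ICMP burst, one non-alert
# flow event and one line cut off mid-write, as eve.json may look after a lab run.
SAMPLE_EVE_LINES = (
    [_alert("192.168.56.20", "TCP", "LOCAL SCAN TCP probe (constructed)", p)
     for p in (21, 22, 23, 80, 443, 3389)]
    + [_alert("192.168.56.21", "ICMP", "LOCAL ICMP burst (constructed)")] * 3
    + ['{"event_type":"flow","src_ip":"192.168.56.5","dest_ip":"192.168.56.10"}',
       '{"event_type":"alert","src_ip":"192.168.56.22"']
)

def summarize_alerts(lines, scan_port_threshold=5):
    """Group EVE alert events by src_ip; skip non-alert events and unparsable lines.

    Returns {src_ip: {"alerts", "dest_ports", "signatures", "likely_scan"}}.
    """
    per_src = defaultdict(lambda: {"alerts": 0, "dest_ports": set(), "signatures": set()})
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # Suricata may be mid-write; one bad line must not stop triage
        if ev.get("event_type") != "alert":
            continue
        entry = per_src[ev["src_ip"]]
        entry["alerts"] += 1
        if "dest_port" in ev:
            entry["dest_ports"].add(ev["dest_port"])
        entry["signatures"].add(ev["alert"]["signature"])
    return {src: {"alerts": e["alerts"], "dest_ports": sorted(e["dest_ports"]),
                  "signatures": sorted(e["signatures"]),
                  "likely_scan": len(e["dest_ports"]) >= scan_port_threshold}
            for src, e in per_src.items()}

if __name__ == "__main__":
    for src, info in summarize_alerts(SAMPLE_EVE_LINES).items():
        print(src, info)
```

The same grouping can be reproduced in the Wazuh Dashboard by filtering on the Suricata decoder and visualizing distinct dest_port values per src_ip.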

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Linux File System Analysis
Free Beginner

Practical triage of Linux file systems for anomalies, metadata, and hidden files

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.