Beginner Free

Linux File Integrity Monitoring using Wazuh

Detecting Unauthorized File Changes with Wazuh SIEM

Self-Paced by Rajneesh Gupta

Overview

This project walks you through setting up Suricata IDS integrated with the Wazuh SIEM platform to detect suspicious network traffic. Suricata inspects live network packets and generates alerts for malicious or abnormal behavior, which are then ingested and correlated in Wazuh for centralized visibility.

By the end of this project, you will:

  • Configure Suricata IDS on a Linux machine and forward logs to Wazuh.
  • Simulate common attacker behaviors such as port scanning, noisy DNS queries, and malicious HTTP requests.
  • Detect and analyze Suricata alerts inside the Wazuh Dashboard.
  • Map alerts to MITRE ATT&CK techniques for better threat context.

What You'll Learn

  • File Integrity Monitoring Fundamentals

    Understand how Wazuh monitors critical files, detects modifications, and generates alerts in real time.

  • Integration with Wazuh SIEM

    Learn how monitored events are forwarded to the Wazuh Manager and displayed in the Dashboard for analysis.

  • Attack Simulation

    Simulate realistic adversary behavior by altering /etc/passwd, sshd_config, and /etc/crontab to mimic persistence and defense evasion tactics.

  • Detection & Investigation

    Detect unauthorized modifications in the Wazuh Dashboard, analyze changes, and correlate them with MITRE ATT&CK persistence techniques.
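The monitoring described above, as an added agent-side configuration example that is not part of the course material: a syscheck block for the Wazuh agent's `/var/ossec/etc/ossec.conf` (default install path; Wazuh 4.x assumed) that watches `/etc/passwd`, `/etc/crontab` and `/etc/ssh/sshd_config` in real time and records what changed. Because real-time watches are attached to directories, the parent directories are monitored with a `restrict` filter so that only the three target files produce events.

```xml
<!-- Added example: syscheck fragment for /var/ossec/etc/ossec.conf on the monitored Linux agent -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>

    <!-- Full scheduled scan every 12 hours (43200 s) on top of real-time events -->
    <frequency>43200</frequency>
    <scan_on_start>yes</scan_on_start>

    <!-- Alert when a new file appears inside a monitored directory -->
    <alert_new_files>yes</alert_new_files>

    <!-- /etc/passwd and /etc/crontab: watch /etc non-recursively (recursion_level="0")
         and restrict events to the two file names.
         check_all      = hashes, size, owner, group, permissions, mtime, inode
         realtime       = inotify-based monitoring instead of waiting for the next scan
         report_changes = include a diff of the modified text in the alert -->
    <directories check_all="yes" realtime="yes" report_changes="yes"
                 recursion_level="0" restrict="^passwd$|^crontab$">/etc</directories>

    <!-- /etc/ssh/sshd_config: same approach on the ssh directory -->
    <directories check_all="yes" realtime="yes" report_changes="yes"
                 recursion_level="0" restrict="^sshd_config$">/etc/ssh</directories>

    <!-- Files that change legitimately and often; keep them out of the alert stream -->
    <ignore>/etc/mtab</ignore>
  </syscheck>
</ossec_config>
```

After restarting the agent, a change to one of these files arrives on the manager as the built-in syscheck rules 550 (checksum changed), 553 (file deleted) or 554 (file added), and `report_changes` attaches the before/after diff that the investigation step in the Dashboard relies on.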

Prerequisites

  • Knowledge Required

    Basic Linux command-line usage

  • Knowledge Required

    Understanding of Linux system files (`/etc/passwd`, `/etc/ssh/sshd_config`, `/etc/crontab`)

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.