Intermediate Free

Windows Log Monitoring with Wazuh

Real-Time Windows Event and Sysmon Log Analysis Using Wazuh SIEM

Self-Paced by Rajneesh Gupta

Overview

This project focuses on configuring Wazuh SIEM to monitor and analyze Windows event logs and Sysmon telemetry.
You will deploy Wazuh Manager, Dashboard, and Windows Agent to collect and visualize logs.
The integration of Sysmon (with SwiftOnSecurity config) enhances endpoint visibility and event detail.
By the end, you will have a complete monitoring setup capable of detecting suspicious process executions, network connections, and privilege escalations.

Objectives

  • Deploy and configure Wazuh for centralized Windows log collection
  • Integrate Sysmon using SwiftOnSecurity configuration
  • Analyze Sysmon and Windows event logs for threat detection
  • Create custom alert rules in Wazuh for Sysmon-based detections

What You'll Learn

  • Wazuh & Sysmon Integration

    Learn to collect and analyze Windows telemetry using Sysmon integrated with Wazuh.

  • SwiftOnSecurity Configuration

    Use an optimized Sysmon config to capture meaningful security data while filtering noise.

  • Advanced Log Analysis

    Detect process creation, network connections, and privilege escalations.

  • Custom Alert Rules

    Write and implement Wazuh rules to identify suspicious Sysmon activities.
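As an added illustration of the last two points (not part of the course material), the two configuration fragments below show the shape of a Wazuh + Sysmon setup: the agent-side `<localfile>` that forwards the Sysmon channel, and two custom rules on the manager that build on Wazuh's stock Sysmon rules. The rule ids 100100-100101, the group name and the regexes are assumptions chosen for this example; 61603 and 61605 are Wazuh's built-in rules for Sysmon Event 1 (process creation) and Event 3 (network connection).

```xml
<!-- Agent side (ossec.conf on the Windows host): forward the Sysmon channel.
     Assumes Sysmon is installed with the SwiftOnSecurity config, which writes
     to this event channel. -->
<localfile>
  <location>Microsoft-Windows-Sysmon/Operational</location>
  <log_format>eventchannel</log_format>
</localfile>

<!-- Manager side (local_rules.xml): custom rules layered on the built-in
     Sysmon decoders. Ids 100100-100101 and the group name are assumed
     (custom rule ids must be >= 100000). -->
<group name="sysmon,custom_sysmon,">

  <!-- Event 1: an Office application spawning a command interpreter -->
  <rule id="100100" level="12">
    <if_sid>61603</if_sid>
    <field name="win.eventdata.parentImage" type="pcre2">(?i)\\(winword|excel|powerpnt|outlook)\.exe$</field>
    <field name="win.eventdata.image" type="pcre2">(?i)\\(cmd|powershell|pwsh|wscript|cscript)\.exe$</field>
    <description>Sysmon: Office process $(win.eventdata.parentImage) spawned $(win.eventdata.image)</description>
    <mitre>
      <id>T1566.001</id>
    </mitre>
  </rule>

  <!-- Event 3: outbound connection initiated by a binary running from a
       user-writable location (AppData, Public, Windows\Temp) -->
  <rule id="100101" level="10">
    <if_sid>61605</if_sid>
    <field name="win.eventdata.initiated">true</field>
    <field name="win.eventdata.image" type="pcre2">(?i)\\(Users\\[^\\]+\\AppData|Users\\Public|Windows\\Temp)\\</field>
    <description>Sysmon: network connection from $(win.eventdata.image) to $(win.eventdata.destinationIp):$(win.eventdata.destinationPort)</description>
  </rule>

</group>
```

After adding the rules, restart the manager and confirm the ids fire by running a matching Sysmon event through `/var/ossec/bin/wazuh-logtest` before trusting the alert in the dashboard.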

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.