Intermediate Pro

Suricata IDS Logs Monitoring with Wazuh

Integrating and Monitoring Suricata Network Events (eve.json, DNS, TLS, SSH) Using Wazuh SIEM

Self-Paced by Rajneesh Gupta

Overview

In this project, you will integrate Suricata IDS logs with Wazuh SIEM for centralized monitoring.
You will configure Wazuh to ingest Suricata’s eve.json output, which includes DNS, TLS, and SSH logs.
This enables detection and visualization of network-based threats in real-time.
You’ll analyze Suricata events and create alerts for suspicious network activity.
By the end, you’ll have full IDS visibility inside the Wazuh Dashboard.

  • Configure Wazuh to parse Suricata’s eve.json logs
  • Monitor Suricata’s DNS, TLS, and SSH events
  • Create custom alert rules and visualize network data
  • Correlate IDS alerts with endpoint activity

What You'll Learn

  • Suricata–Wazuh Integration

    Learn to connect Suricata IDS with Wazuh SIEM for real-time log ingestion and analysis.

  • Log Parsing & Decoding

    Understand how Wazuh decoders interpret eve.json (DNS, TLS, SSH) fields.

  • Network Threat Detection

    Identify malicious traffic, suspicious domains, and unusual SSH connections.

  • Custom Alert Rules

    Configure Wazuh rules to trigger alerts based on Suricata event severity and categories.
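
As an added illustration of the two middle bullets (decoding eve.json fields and alerting on severity and category), the script below is not part of the project material or of Wazuh itself; it emulates in plain Python what the Wazuh JSON decoder and a handful of custom rules do. It flattens each eve.json event into dotted `data.*` field names, runs four rule functions over the fields (Suricata alert severity, a DNS watchlist, legacy TLS versions, SSH to a non-standard port) and emits alert records. The eve.json lines, the severity-to-level mapping, the watchlist and the rule IDs are all constructed for the example; the corrupt last line shows how a partial write to eve.json is skipped rather than breaking ingestion.

```python
import json
from typing import Any, Dict, List, Optional, Tuple

# Constructed eve.json lines (synthetic, not from a real sensor): one Suricata
# alert, two DNS queries, one TLS handshake, one SSH session and one corrupt line.
SAMPLE_EVE_LINES = "\n".join([
    '{"timestamp":"2024-05-01T10:00:01.000000+0000","flow_id":1,"event_type":"alert",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.10","dest_port":22,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"CONSTRUCTED SCAN Potential SSH Scan","category":"Attempted Information Leak","severity":2}}',
    '{"timestamp":"2024-05-01T10:00:02.000000+0000","flow_id":2,"event_type":"dns",'
    '"src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP",'
    '"dns":{"type":"query","id":4321,"rrname":"c2.bad.example","rrtype":"A","tx_id":0}}',
    '{"timestamp":"2024-05-01T10:00:03.000000+0000","flow_id":3,"event_type":"dns",'
    '"src_ip":"10.0.0.6","src_port":40001,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP",'
    '"dns":{"type":"query","id":4322,"rrname":"updates.example.org","rrtype":"A","tx_id":0}}',
    '{"timestamp":"2024-05-01T10:00:04.000000+0000","flow_id":4,"event_type":"tls",'
    '"src_ip":"10.0.0.7","src_port":50000,"dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP",'
    '"tls":{"subject":"CN=legacy.example.org","issuerdn":"CN=Example CA","sni":"legacy.example.org","version":"TLSv1"}}',
    '{"timestamp":"2024-05-01T10:00:05.000000+0000","flow_id":5,"event_type":"ssh",'
    '"src_ip":"10.0.0.5","src_port":51300,"dest_ip":"10.0.0.11","dest_port":2222,"proto":"TCP",'
    '"ssh":{"client":{"proto_version":"2.0","software_version":"OpenSSH_9.2"},'
    '"server":{"proto_version":"2.0","software_version":"OpenSSH_8.9"}}}',
    'this line is not JSON and must be skipped, not crash the pipeline',
])

# Assumed severity-to-level mapping for this example only; Wazuh's bundled
# Suricata rules carry their own levels, so tune this against your ruleset.
SEVERITY_TO_LEVEL = {1: 12, 2: 10, 3: 7}
DNS_WATCHLIST = {"c2.bad.example"}           # constructed watchlist
LEGACY_TLS = {"SSLv3", "TLSv1", "TLSv1.1"}   # protocol versions worth a low-level alert

RuleHit = Optional[Tuple[int, str]]          # (alert level, description) or None


def flatten(obj: Dict[str, Any], prefix: str = "data") -> Dict[str, Any]:
    """Flatten nested JSON into dotted keys (data.alert.severity, data.tls.sni, ...),
    mirroring how Wazuh's JSON decoder exposes Suricata fields to rules."""
    flat: Dict[str, Any] = {}
    for key, value in obj.items():
        dotted = f"{prefix}.{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, dotted))
        else:
            flat[dotted] = value
    return flat


def rule_suricata_alert(f: Dict[str, Any]) -> RuleHit:
    """Promote a Suricata signature hit to a Wazuh-style level by its severity."""
    sev = f.get("data.alert.severity")
    if f.get("data.event_type") == "alert" and sev in SEVERITY_TO_LEVEL:
        return SEVERITY_TO_LEVEL[sev], (
            f"Suricata: {f.get('data.alert.signature')} [{f.get('data.alert.category')}]")
    return None


def rule_dns_watchlist(f: Dict[str, Any]) -> RuleHit:
    """Flag DNS queries for domains on the watchlist."""
    if (f.get("data.event_type") == "dns" and f.get("data.dns.type") == "query"
            and f.get("data.dns.rrname") in DNS_WATCHLIST):
        return 10, f"DNS query for watchlisted domain {f['data.dns.rrname']}"
    return None


def rule_legacy_tls(f: Dict[str, Any]) -> RuleHit:
    """Flag handshakes that negotiated a deprecated protocol version."""
    if f.get("data.event_type") == "tls" and f.get("data.tls.version") in LEGACY_TLS:
        return 5, f"Legacy {f['data.tls.version']} negotiated with {f.get('data.tls.sni')}"
    return None


def rule_ssh_nonstandard_port(f: Dict[str, Any]) -> RuleHit:
    """Flag SSH sessions that do not terminate on port 22."""
    if f.get("data.event_type") == "ssh" and f.get("data.dest_port") != 22:
        return 6, (f"SSH session to non-standard port {f['data.dest_port']} "
                   f"({f.get('data.ssh.server.software_version')})")
    return None


# Constructed rule IDs in the 100000+ range Wazuh reserves for custom rules.
RULES = [(100001, rule_suricata_alert), (100002, rule_dns_watchlist),
         (100003, rule_legacy_tls), (100004, rule_ssh_nonstandard_port)]


def process_eve(text: str) -> List[Dict[str, Any]]:
    """Decode each eve.json line, run every rule over it and collect alert records."""
    alerts: List[Dict[str, Any]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # corrupt or partially written line: skip, do not abort ingestion
        fields = flatten(event)
        for rule_id, rule in RULES:
            hit = rule(fields)
            if hit:
                level, description = hit
                alerts.append({
                    "rule_id": rule_id, "level": level, "description": description,
                    "timestamp": fields.get("data.timestamp"),
                    "event_type": fields.get("data.event_type"),
                    "src_ip": fields.get("data.src_ip"), "dest_ip": fields.get("data.dest_ip"),
                })
    return alerts


if __name__ == "__main__":
    for a in process_eve(SAMPLE_EVE_LINES):
        print(f"[level {a['level']:>2}] rule {a['rule_id']} {a['src_ip']} -> {a['dest_ip']}: {a['description']}")
```

In a real deployment the same work is split between Wazuh components rather than one script: the agent reads eve.json through a `<localfile>` entry with `<log_format>json</log_format>`, the manager's JSON decoder produces the `data.*` fields, and the rule logic is written as XML rules (for example in `/var/ossec/etc/rules/local_rules.xml`) that match on those fields.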

Prerequisites

  • Complete [Installing Suricata IDS](https://haxcamp.com/projects/763b2bc5-6dfd-4be3-970e-b7307c058ab4)

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk
Pro Intermediate

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite
Free Beginner

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.