Lightweight Rust intrusion-signal monitor for Linux VPS hosts with alerts, active response, baselines, and a fleet panel.
Updated Jun 29, 2026 - Rust
Command-line interface for the Wazuh REST API - agents, alerts, vulnerabilities, active response and live TUI dashboard
Enterprise-grade Wazuh SIEM/XDR + TheHive IRP deployment on WSL2 and Docker: detection engineering, MITRE ATT&CK mapping, automated active response, SOC dashboards & incident case management. Full SOC pipeline across 9 phases.
Active Response for Cloudflare API
A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for isolation handling, application registration, threat removal helpers, and desktop notifications.
Enterprise Wazuh SIEM configuration with VirusTotal & MISP threat intelligence, OPNsense & MikroTik monitoring, automated active responses, Telegram SOC alerts, custom decoders/rules, and a Dockerized syslog collector. Includes MITRE ATT&CK mappings and ready-to-import dashboards.
Wazuh EDR deployment guide - Docker single-node manager with Linux agents, active response automation and vulnerability management
Complete Wazuh YARA configuration guide
This SOC semi-automation project integrates Wazuh, Shuffle, IRIS, MISP, Google Chat, and Grafana to handle and respond to security incidents targeting DVWA on both Windows and Ubuntu. Goals: to execute automated security workflows for event collection, alert escalation, and incident response based on administrator decisions.
Zero Trust SOC with open-source detection and active response - TFG ASIR IES Valle Inclan 2025-2026
Wazuh SOC home lab showcasing SIEM deployment, Windows and Linux endpoint monitoring, Sysmon, File Integrity Monitoring, custom alert tuning, and automated Active Response. Includes attack simulations, detection analysis, and Python-based SOAR-style enrichment.
Complete Wazuh SOC Lab featuring custom DLP rules, Active Response, Telegram alerting, and advanced threat hunting dashboards.
Wazuh Wanguard Andrisoft Integration active-response
HIPS-OOP: A multi-threaded endpoint security agent (Java) and dashboard (PHP/MySQL) featuring FIM, network telemetry tracking, local SQLite caching, input-injection hardening, and MITRE ATT&CK integration.
SOC Automation Project (Wazuh, TheHive and Shuffle)
Network Intrusion Detection with Suricata integrated into Wazuh SIEM
Self-hosted threat feed service with reputation scoring, auto-promotion to permanent block, and FortiGate External Block List support
Windows DFIR scanner for unauthorized RMM tools, living-off-the-land traces, endpoint trust health, and Watch Preview alerts.
Enterprise SIEM implementation using Wazuh with FIM, YARA malware detection, and automated Active Response