Active Response plugin. Osquery to execute wazuh/ossec active response plugins. You can write your own plugins, easy to plug

Enterprise-grade Wazuh SIEM/XDR + TheHive IRP deployment on WSL2 and Docker: detection engineering, MITRE ATT&CK mapping, automated active response, SOC dashboards & incident case management. Full SOC pipeline across 9 phases.

Command-line interface for the Wazuh REST API - agents, alerts, vulnerabilities, active response and live TUI dashboard

A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for isolation handling, application registration, threat removal helpers, and desktop notifications.

Active Response for Cloudflare API

Enterprise Wazuh SIEM configuration with VirusTotal & MISP threat intelligence, OPNsense & MikroTik monitoring, automated active responses, Telegram SOC alerts, custom decoders/rules, and a Dockerized syslog collector. Includes MITRE ATT&CK mappings and ready-to-import dashboards.

Complete Wazuh YARA configuration guide

Network Intrusion Detection with Suricata integrated into Wazuh SIEM

SOC Automation Project (Wazuh, TheHive and Shuffle)

This SOC semi-automation project integrates Wazuh, Shuffle, IRIS, MISP, Google Chat, and Grafana to handle and respond security incidents targeting DVWA on both Windows and Ubuntu. Goals: to execute automated security workflows for event collection, alert escalation, and incident response based on administrator decisions.

Enterprise SIEM implementation using Wazuh with FIM, YARA malware detection, and automated Active Response

MODINE IDEAL: A High-Performance Cyber Defense & Intelligence Ecosystem. Engineered for proactive Threat Hunting, Zero-Day detection, and Automated Incident Response. Leveraging Wazuh and MITRE ATT&CK mapping to transform passive monitoring into an active security stronghold.

Wazuh Active Response Script to Add IP to `ipset` List