Setting up Wazuh SIEM with SSH Brute Force Attack Detection and Mitigation
Problem

I wanted to simulate a real-world security environment in my homelab where I could detect and respond to SSH brute-force attacks and, at the same time, monitor my devices.

Solution Overview

I deployed Wazuh as a SIEM solution and configured it to detect SSH login attempts and automatically block malicious IPs.

Environment

- Ubuntu Server (Wazuh Manager)
- Linux target machine (with SSH enabled)
- Public exposure via port forwarding

Step 1: Install Wazuh

curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh && sudo bash ./wazuh-install.sh -a

After installation, I accessed the dashboard: ...
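The "automatically block malicious IPs" part of the solution overview is done in Wazuh with an active response. The snippet below is an added example, not the author's configuration: it is the stanza placed in the manager's /var/ossec/etc/ossec.conf so that, when one of the built-in sshd brute-force rules fires (5712 for repeated authentication failures, 5763 for repeated attempts against non-existent users, both from the default ruleset), the agent that reported the alert drops the source IP for 180 seconds. It assumes the target machine runs a Wazuh agent with iptables available, which the bundled firewall-drop script uses; the command definition already ships in the default manager configuration and is repeated here only so the fragment is complete.

```xml
<ossec_config>
  <!-- Command definition: points at the firewall-drop script shipped with Wazuh
       in /var/ossec/active-response/bin on the agent. timeout_allowed lets the
       block be undone automatically after <timeout> seconds. -->
  <command>
    <name>firewall-drop</name>
    <executable>firewall-drop</executable>
    <timeout_allowed>yes</timeout_allowed>
  </command>

  <!-- Active response: run firewall-drop on the agent that raised the alert
       ("local") whenever rule 5712 or 5763 fires. The attacker's IP is taken
       from the srcip field of the alert. Unblock after 180 seconds so a
       spoofed or mistyped address is not locked out permanently. -->
  <active-response>
    <command>firewall-drop</command>
    <location>local</location>
    <rules_id>5712,5763</rules_id>
    <timeout>180</timeout>
  </active-response>
</ossec_config>
```

After restarting the manager (`systemctl restart wazuh-manager`), the effect can be checked from both sides: the manager's alert log shows the rule 5712/5763 hits, and the agent records each block and unblock in /var/ossec/logs/active-responses.log, with the corresponding DROP rule visible in `iptables -L INPUT -n` while the timeout is running. Starting with a timeout rather than a permanent block is the safer default when the SSH port is exposed through port forwarding, since the first address to trip the rule during testing is often your own.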