/tags/wazuh/ Recent content in Wazuh on My Blogs Hugo en-us Fri, 20 Mar 2026 00:00:00 +0000 /posts/wazuh-siem-+-ssh-attack-mitigation/ Fri, 20 Mar 2026 00:00:00 +0000 /posts/wazuh-siem-+-ssh-attack-mitigation/ <h2 id="-problem">🧩 Problem</h2> <p>I wanted to simulate a real-world security environment in my homelab where I could detect and respond to SSH brute-force attacks and at the same time monitor my devices</p> <hr> <h2 id="-solution-overview">🛠️ Solution Overview</h2> <p>I deployed Wazuh as a SIEM solution and configured it to detect SSH login attempts and automatically block malicious IPs.</p> <hr> <h2 id="-environment">🔧 Environment</h2> <ul> <li>Ubuntu Server (Wazuh Manager)</li> <li>Linux target machine (with SSH enabled)</li> <li>Public exposure via port forwarding</li> </ul> <hr> <h2 id="-step-1-install-wazuh">🚀 Step 1: Install Wazuh</h2> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>curl -sO https://packages.wazuh.com/4.14/wazuh-install.sh <span style="color:#f92672">&amp;&amp;</span> sudo bash ./wazuh-install.sh -a </span></span></code></pre></div><p>After installation, accessed dashboard:</p>