Implementation of Wazuh as a SIEM System for Network Attack Detection

  • Nurmi Hidayasari, Politeknik Negeri Bengkalis
  • Kasmawi Kasmawi, Politeknik Negeri Bengkalis
  • Mansur Mansur, Politeknik Negeri Bengkalis
Keywords: Wazuh, SIEM, Attack Detection, Security Log, Network Monitoring

Abstract

This study discusses the implementation of Wazuh as a Security Information and Event Management (SIEM) system for detecting attacks on a network. Wazuh is an open-source solution capable of collecting, monitoring, and analyzing security logs in a centralized manner. In this implementation, the Wazuh Manager is deployed on a Virtual Private Server (VPS) as the central log processing component, while the Wazuh Agent is installed on a web server to monitor system activities, collect web server logs, and detect file modifications through the File Integrity Monitoring (FIM) feature. Testing was conducted by simulating attacks such as brute-force login attempts and file modifications within the web directory. The results demonstrate that Wazuh successfully detected these suspicious activities and displayed real-time alerts on its dashboard. These findings indicate that Wazuh is effective as a SIEM system for attack detection, enhancing security visibility and strengthening early threat detection within network environments. Furthermore, this implementation provides a foundation for future development, including the integration of automated incident response and AI-based threat analysis.
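To make the agent-side setup described above concrete, the following is an added Wazuh agent configuration excerpt (ossec.conf) for the web server role; it is not taken from the paper. The manager address placeholder, the Apache log paths, and the /var/www/html web root are assumptions.

```xml
<!-- Added example: minimal Wazuh agent ossec.conf for the web server role.
     Not the paper's own configuration. MANAGER_VPS_ADDRESS and all file
     paths are assumptions and should be adjusted to the actual environment. -->
<ossec_config>
  <!-- Point the agent at the Wazuh Manager running on the VPS -->
  <client>
    <server>
      <address>MANAGER_VPS_ADDRESS</address>
      <port>1514</port>
      <protocol>tcp</protocol>
    </server>
  </client>

  <!-- Ship the web server's access and error logs to the manager, where the
       built-in web rules correlate repeated failed logins from one source -->
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/access.log</location>
  </localfile>
  <localfile>
    <log_format>apache</log_format>
    <location>/var/log/apache2/error.log</location>
  </localfile>

  <!-- System authentication log, so brute-force attempts against SSH or
       other system logins are also correlated by the manager -->
  <localfile>
    <log_format>syslog</log_format>
    <location>/var/log/auth.log</location>
  </localfile>

  <!-- File Integrity Monitoring: watch the web root in real time so that
       modified, added or deleted files raise an alert without waiting for
       the next scheduled scan (frequency is in seconds) -->
  <syscheck>
    <disabled>no</disabled>
    <frequency>43200</frequency>
    <directories check_all="yes" realtime="yes" report_changes="yes">/var/www/html</directories>
    <ignore>/var/www/html/cache</ignore>
    <alert_new_files>yes</alert_new_files>
  </syscheck>
</ossec_config>
```

After restarting the agent, a test edit inside /var/www/html should appear on the dashboard as a syscheck alert, and repeated failed logins should surface as the manager's brute-force correlation rules fire.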

Published
2025-12-02