Lightweight Rust intrusion-signal monitor for Linux VPS hosts with alerts, active response, baselines, and a fleet panel. (Rust, updated Jun 22, 2026)
Command-line interface for the Wazuh REST API - agents, alerts, vulnerabilities, active response and live TUI dashboard
Enterprise-grade Wazuh SIEM/XDR + TheHive IRP deployment on WSL2 and Docker: detection engineering, MITRE ATT&CK mapping, automated active response, SOC dashboards & incident case management. Full SOC pipeline across 9 phases.
Active Response for Cloudflare API
A collection of Python utilities and build artifacts used to package and sign small Windows helper applications for interacting with Wazuh and endpoint workflows. This repository contains tools for isolation handling, application registration, threat removal helpers, and desktop notifications.
Enterprise Wazuh SIEM configuration with VirusTotal & MISP threat intelligence, OPNsense & MikroTik monitoring, automated active responses, Telegram SOC alerts, custom decoders/rules, and a Dockerized syslog collector. Includes MITRE ATT&CK mappings and ready-to-import dashboards.
Wazuh EDR deployment guide - Docker single-node manager with Linux agents, active response automation and vulnerability management
This SOC semi-automation project integrates Wazuh, Shuffle, IRIS, MISP, Google Chat, and Grafana to handle and respond to security incidents targeting DVWA on both Windows and Ubuntu. Goal: to execute automated security workflows for event collection, alert escalation, and incident response based on administrator decisions.
Wazuh SOC home lab showcasing SIEM deployment, Windows and Linux endpoint monitoring, Sysmon, File Integrity Monitoring, custom alert tuning, and automated Active Response. Includes attack simulations, detection analysis, and Python-based SOAR-style enrichment.
Zero Trust SOC with open-source detection and active response - TFG ASIR IES Valle Inclan 2025-2026
Complete Wazuh YARA configuration guide
Wazuh Wanguard Andrisoft Integration active-response
SOC Automation Project (Wazuh, TheHive and Shuffle)
Self-hosted threat feed service with reputation scoring, auto-promotion to permanent block, and FortiGate External Block List support
Network Intrusion Detection with Suricata integrated into Wazuh SIEM
Complete Wazuh SOC Lab featuring custom DLP rules, Active Response, Telegram alerting, and advanced threat hunting dashboards.
Enterprise SIEM implementation using Wazuh with FIM, YARA malware detection, and automated Active Response
Windows DFIR scanner for unauthorized RMM tools, living-off-the-land traces, endpoint trust health, and Watch Preview alerts.
MODINE IDEAL: A High-Performance Cyber Defense & Intelligence Ecosystem. Engineered for proactive Threat Hunting, Zero-Day detection, and Automated Incident Response. Leveraging Wazuh and MITRE ATT&CK mapping to transform passive monitoring into an active security stronghold.