Curated list of Wazuh resources, tools, and integrations
Wazuh is a free, open-source security monitoring platform for threat prevention, detection, and response.
- Official Documentation
- Getting Started
- Deployment
- Rules & Detection
- Integrations
- Tools & Utilities
- Compliance
- Training & Certification
- Guides & Tutorials
- Ambassador Program
- Community
- Contributing
- 🟢 Wazuh Documentation - Installation, configuration, and usage guides
- 🟢 Architecture Overview - System design and components
- 🟢 API Reference - REST API endpoints
- 🟢 Wazuh Blog - Weekly technical articles
- 🟢 Release Notes - Version history and changelog
- 🟢 Installation Guide - Step-by-step deployment instructions
- 🟢 Quickstart - Get running in 30-60 minutes
- 🟢 Wazuh Cloud - Fully managed SaaS option with free tier
- 🟢 Docker Quick Start - Single command deployment for testing
- 🟢 Official Docker Guide - Container deployment documentation
- 🟢 Docker Repository - Docker Compose files and images (1,000+ stars)
- 🟢 Official Kubernetes Guide - K8s cluster deployment
- 🟢 Helm Charts - Production-grade Helm packages with HA support
- 🟡 Terraform/OpenTofu Provider - Community provider, actively maintained
- 🟡 Terraform Registry - Official Terraform registry entry
- 🟢 Feature Request - Official Wazuh provider (planned)
- 🟢 Official Ansible Guide - Multi-host deployment automation
- 🟢 Ansible Playbooks - Ready-to-use playbooks (use release branches for production)
- 🟢 AWS Deployment - CloudTrail, GuardDuty, Security Hub, Macie
- 🟢 Azure Deployment - Log Analytics, Microsoft Graph, Intune
- 🟢 GCP Deployment - Pub/Sub and Cloud Storage integration
- 🟢 Virtual Machines (OVA/AMI) - Pre-built images for quick POC
- 🟢 Wazuh QA - Automated testing and CI/CD infrastructure
- 🟢 Rules Documentation - Rule syntax and optimization
- 🟢 Custom Rules Guide - Writing and testing custom rules
- 🟢 Official Ruleset - Complete rule repository
- 🟡 socfortress/Wazuh-Rules - Community rule collection
- 🟡 Ghost47-coder/Wazuh-Rules - Custom rule set and decoders
- 🟡 Fortigate Rules & Decoders - Fortigate device monitoring
- 🟡 Unifi Decoder - Ubiquiti Unifi network monitoring
Monitor Synology DSM systems for security events, file integrity, and access logs.
- 🟡 st0rm-cr0w Synology Rules - DSM decoder and rules
- 🟡 Tomo-9925 Synology Rules - Alternative DSM decoder implementation
- 🟢 File Integrity Monitoring (FIM) - Detect unauthorized file changes
- 🟢 Vulnerability Detection - CVE scanning and assessment
- 🟢 Configuration Assessment (SCA) - Compliance validation and hardening
- 🟢 Malware Detection - ClamAV and YARA integration
- 🟢 Active Response - Automated threat response
Connect Wazuh with external platforms for alerting, ticketing, threat intelligence, and orchestration.
- 🟢 Slack - Real-time alerts to Slack channels
- 🟢 PagerDuty - On-call incident escalation
- 🟢 Email - SMTP alert delivery
- 🟢 Generic API Integration - Trigger any external API
- 🟢 ServiceNow Integration - REST API + Python script
- 🟡 Jira Integration - Community guide
- 🟢 VirusTotal - File hash and URL enrichment
- 🟢 CDB Lists - Custom threat intelligence lists
- 🟢 AWS Security Hub - CloudTrail, GuardDuty, and Security Lake integration
- 🟢 Azure Sentinel - Microsoft Sentinel integration
- 🟢 Google Cloud - Cloud Audit Logs integration
- 🟡 Shuffle SOAR - Open-source SOAR with Wazuh support
- 🟢 Shuffle + Teams Integration - SOAR-based Teams alerting
- 🟡 Automated Threat Detection & Response (Medium) - Real-world Wazuh + Shuffle threat response automation
- 🟡 wazuh2thehive - TheHive case management integration
- 🟡 wazuh-opencti - OpenCTI threat intelligence platform
- 🟡 wazuh-integrations - Collection of custom integrations
- 🟡 Prometheus Exporter - Prometheus metrics and monitoring
- 🟡 Telegram Alerting - Telegram notification script
- 🟡 Custom Telegram - Advanced Telegram alert formatting
- 🟡 wazuh-nmap - Nmap network scan integration
- 🟡 Wazuh Tools - Collection of operational utility scripts
- 🟡 MCP Server Wazuh - Model Context Protocol server for Wazuh
- 🟡 Wazuh MCP Server - Alternative MCP implementation
Map Wazuh capabilities to regulatory frameworks.
- 🟢 PCI-DSS - Payment Card Industry Data Security Standard
- 🟢 GDPR - EU data protection regulation
- 🟢 NIS-2 - EU critical infrastructure directive (audit deadline June 30, 2026)
- 🟢 ISO 27001 - Information security management standard
- 🟢 HIPAA - Healthcare data protection
- 🟢 NIST 800-53 - Federal security controls
- 🟢 TSC (SOC 2) - Trust Service Criteria
- 🟢 Official Training Courses - 4-day authorized certification program
- 🟡 YouTube Tutorials - Official video guides
- 🟡 Udemy - Complete Wazuh Course - Beginner to advanced
- 🟡 initMAX - Wazuh Training - Certified Wazuh Professional credential
- 🟡 SIEM Intelligence - Certified Wazuh Administrator - CWA credential
Community-contributed guides for specific use cases and advanced configurations.
- 🟡 Wazuh Complete Guide - Comprehensive Wazuh setup and configuration guide
- 🟡 SOAR Flow Guide - SOAR orchestration and automation patterns
- 🟡 Bruteforce Detection Guide - Detecting and responding to brute force attacks
Represent Wazuh in your region. Become an ambassador and share your expertise.
- 🟢 Wazuh Ambassador Program - How to become an ambassador
- Ambassador Activities Guide - Content creation, speaking, training, partnerships
- 🟢 Wazuh Community - Slack workspace and forums
- 🟢 GitHub Discussions - Q&A and feature requests
- 🟢 GitHub Organization - 31+ repositories (14,600+ stars on main)
- 🟢 Professional Support - SLA-backed support services
This repository includes deployment templates and examples:
- Docker Compose (examples/docker-compose/) - Single and multi-node setups
- Terraform (examples/terraform/) - Infrastructure-as-code templates (OpenTofu compatible)
- Ansible (examples/ansible/) - Multi-host playbooks
- Vagrant (examples/vagrant/) - Local VM-based lab
Contributions welcome. To add a resource:
- Verify the link works (HTTP 200)
- Use appropriate badge: 🟢 Official (Wazuh project) | 🟡 Community
- Keep description to 1-2 lines, concrete and useful
- Add in correct category and alphabetical order
- Submit pull request
See CONTRIBUTING.md for guidelines.
Curated by: Franco Tampieri (TTlab® - Security & DevOps) | franco.tampieri@ttlab.it
Badges: 🟢 = Official (Wazuh) | 🟡 = Community