Floragasse 7 – 5th floor, 1040 Vienna

Wazuh Course – From Basic Configuration to Advanced Threat Hunting

In times of increasing cyber threats and stricter regulatory requirements under NIS 2, the ability to independently and competently operate a Security Operations Center (SOC) infrastructure is becoming a core competency for every modern IT team. The Wazuh course provides the solid technical training you need to actively shape this digital sovereignty, completely independently of expensive vendor solutions and while maintaining full control over your data on-premises (on-site). The course presents Wazuh as a central component of a modern open-source SOC architecture and demonstrates its integration with Security Information and Event Management (SIEM), SOAR, CTI, and incident response components.

Wazuh is much more than just a free SIEM solution. It is a comprehensive security platform that combines a wide range of capabilities: from file integrity monitoring to detect unauthorized file changes, to security configuration assessment for verifying compliance settings, and log data collection from virtually any conceivable source. In this course, you will not only become familiar with the user interface but also gain a deep understanding of the underlying architecture. The course covers a broad spectrum of topics, ranging from Active Response configuration and Command Monitoring to the monitoring of privileged actions.

A key focus is on customization: you will learn how to build decoders to correctly parse your specific log formats and create rules to detect the threats most relevant to your environment. In addition, we teach advanced threat hunting techniques – the proactive search for hidden threats that have not yet triggered any alerts. The course also covers agentless monitoring, enabling you to monitor systems on which a Wazuh agent cannot be installed.

Upon successful completion of this course, you will be able to independently apply the following skills and competencies:

  • Fully configure, manage, and operate the Wazuh platform
  • Identify, integrate, and monitor log sources
  • Implement and test decoders for custom log formats
  • Define, customize, and optimize detection rules
  • Configure File Integrity Monitoring for critical systems
  • Perform Security Configuration Assessments and automate compliance checks
  • Configure Active Response mechanisms for automated countermeasures
  • Implement command monitoring
  • Deploy agentless monitoring for cloud and legacy systems
  • Tune alerts to minimize false positives
  • Create reports and dashboards for management
  • Set up notifications and escalation workflows

Benefits

This training provides participants with the knowledge and practical skills required to build, operate, and enhance modern SOC capabilities using open-source technologies.

  • NIS2 Compliant: Supports the implementation of regulatory cybersecurity requirements.
  • Digital Sovereignty: Maintain full control over your security data, infrastructure, and processes.
  • On-Premises Ready: Licenses and data remain within your own data center environment.
  • Cost-Efficient: No licensing fees, allowing budgets to focus on infrastructure and personnel.
  • Hands-On Learning: Practical labs based on realistic attack and defense scenarios.
  • Comprehensive Coverage: From initial configuration to advanced threat hunting techniques.
  • Future-Proof: Backed by an active community, regular updates, and continuously expanding documentation.
  • Integrated Security Ecosystem: Supports integration with SOAR, CTI, and incident response solutions.

Technology Division & Components

  • SIEM: Wazuh, OpenSearch
  • SOAR: n8n, Shuffle
  • EDR / XDR: Wazuh XDR
  • Network Detection: Suricata, Zeek
  • Cyber Threat Intelligence: MISP
  • Incident Response: DFIR-IRIS
  • Additional tools: Zammad, Kali, ClamAV, …

Target Groups & Relevance

  • SOC Analysts: Deepen day-to-day SOC activities using Wazuh.
  • IT Administrators: Learn how to build and operate an in-house SOC infrastructure.
  • Security Engineers: Implement and automate security monitoring and response processes.
  • Compliance Officers: Demonstrate and support compliance with NIS2 requirements.
  • System Administrators: Enhance existing systems with advanced security capabilities.

Our SOC Expert:

Costs and Completion

Minimum number of participants: 6 (maximum 8)
Course duration: 3 days
Per participant: € 3,600 excl. VAT
Course location: SBA Research

A certificate of completion for the course will be issued.

Your contact person: Alexander Szönyi, aszoenyi@sba-research.org