Wazuh Active Response MCP Server - AI Integration in Incident Response

In our recent blog posts, we’ve deployed and built several MCP servers designed to handle critical SOC operations such as alert investigation, threat intelligence, and more. Now, we’re shifting our...

Oct 22, 2025 MCP, Wazuh

Designing a Production-Grade Kafka + ELK Logging Pipeline on K8s - Part 1

Hello everyone! In my first blog post, I explored how I integrated Kafka into the SIEM (ELK Stack) to streamline and scale log ingestion. The setup worked well using Docker Compose, allowing me to...

Oct 8, 2025 kubernetes, log pipeline, elk

Setting Up Suricata In IPS Mode

Hi everyone, Lately I’ve been digging into the world of IDS, IPS, and NSM. While researching, I noticed that there are plenty of tutorials and guides explaining how to run Suricata as an IDS (Intr...

Oct 3, 2025 Suricata

Cortex MCP Server - The Future of Threat Intelligence

Hello, Now that we’ve explored using an Elasticsearch MCP Server in the previuos post, here, let’s go one step further: building a custom MCP server from scratch. I chose Cortex from The Hive Pro...

Sep 23, 2025 MCP, Cortx

SIEM on Steroids! Elasticsearch MCP Server

A practical guide to using Elasticsearch MCP Server to enhance SOC workflows. Learn how to query alerts, automate detection engineering tasks, and leverage LLMs for investigation at scale.

Sep 16, 2025 MCP, ELK, Elasticsearch, SIEM, SOC, LLM

Integrate EntraID with FleetDM SS0

Comprehensive guide to FleetDM and osquery. Learn how to deploy FleetDM with Docker, manage osquery agents, and integrate with your cybersecurity monitoring stack for enhanced visibility and defense.

Sep 2, 2025 Fleet DM, osquery, Cybersecurity Engineering, EntraID, AAD, Azure, IAM

FleetDM and osquery

Comprehensive guide to FleetDM and osquery. Learn how to deploy FleetDM with Docker, manage osquery agents, and integrate with your cybersecurity monitoring stack for enhanced visibility and defense.

Sep 1, 2025 Fleet DM, osquery, Cybersecurity Engineering

Kerberoast Attack - Kerberos Service Ticket Exploitation

Kerberoast Attack Detection with Wazuh - MITRE ATT&CK T1558.003

Comprehensive guide to Kerberoast attack (MITRE ATT&CK T1558.003). Learn how attackers exploit Service Principal Names to extract service account credentials, practical demonstration, and detection using Wazuh SIEM for cybersecurity defense.

Aug 12, 2025 Purple Team, Active Directory & Kerberos Abuse

DCSync Attack - Active Directory Replication Exploitation

DCSync Attack Detection with Wazuh - MITRE ATT&CK T1003.006

Comprehensive guide to DCSync attack (MITRE ATT&CK T1003.006). Learn how attackers abuse Directory Replication Service to extract NTLM hashes, Kerberos tickets, and KRBTGT credentials from Active Directory with detection using Wazuh EDR.

Jul 24, 2025 Purple Team, Active Directory & Kerberos Abuse

AS-REP Roasting Attack - Kerberos Authentication Exploitation

AS-REP Roasting Detection with Wazuh - MITRE ATT&CK T1558.004

Comprehensive guide to AS-REP Roasting attack (MITRE ATT&CK T1558.004). Learn how attackers exploit Kerberos pre-authentication, practical demonstration, and detection using Wazuh SIEM for cybersecurity defense.

Apr 27, 2025 Purple Team, Active Directory & Kerberos Abuse