{"id":110,"date":"2025-11-30T16:33:09","date_gmt":"2025-11-30T16:33:09","guid":{"rendered":"https:\/\/adler-tech.com\/?page_id=110"},"modified":"2026-04-14T08:57:07","modified_gmt":"2026-04-14T07:57:07","slug":"wazuh-advanced-training","status":"publish","type":"page","link":"https:\/\/adler-tech.com\/?page_id=110","title":{"rendered":"Wazuh Advanced Training"},"content":{"rendered":"\n<p><strong>3 days (24 hours total)<\/strong><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Day 1 \u2014 Advanced Architecture &amp; Detection Engineering (8h)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 1: Advanced Wazuh Architecture (1h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-manager topologies<\/li>\n\n\n\n<li>Distributed indexer clusters<\/li>\n\n\n\n<li>HA strategies<\/li>\n\n\n\n<li>Load balancing<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 2: Advanced Agent Behavior (1h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agent internal queues<\/li>\n\n\n\n<li>Log batching<\/li>\n\n\n\n<li>Secure enrollment tokens<\/li>\n\n\n\n<li>Agentless SSH-based monitoring (deep dive)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 3: Deep Dive into Decoders (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Chained decoders<\/li>\n\n\n\n<li>Regex optimization<\/li>\n\n\n\n<li>JSON\/XML\/YAML parsing<\/li>\n\n\n\n<li>Using <em>wazuh-logtest<\/em> for profiling<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 4: Detection Engineering with Custom Rules (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Writing high-fidelity rules<\/li>\n\n\n\n<li>Thresholding &amp; correlation<\/li>\n\n\n\n<li>Dynamic fields<\/li>\n\n\n\n<li>Multi-event correlation patterns<\/li>\n\n\n\n<li>Testing accuracy vs noise<\/li>\n<\/ul>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Chapter 5: Zero-Noise Ruleset Tuning (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Noise sources identification<\/li>\n\n\n\n<li>Module-level tuning (FIM, SCA, Syscollector, Vulnerabilities)<\/li>\n\n\n\n<li>Log pipeline suppression<\/li>\n\n\n\n<li>Scaling ruleset performance<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Day 2 \u2014 Threat Intelligence, Integrations &amp; Pipelines (8h)<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 6: Threat Intelligence Integration (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>MISP integration<\/li>\n\n\n\n<li>STIX\/TAXII feeds<\/li>\n\n\n\n<li>Custom IOC lists<\/li>\n\n\n\n<li>Reputation-based alerting<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 7: Advanced Log Pipelines (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi-source log ingestion<\/li>\n\n\n\n<li>Remote syslog architectures<\/li>\n\n\n\n<li>Log normalization strategy<\/li>\n\n\n\n<li>Performance considerations<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 8: Cloud &amp; Container Security (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AWS CloudTrail &amp; Config<\/li>\n\n\n\n<li>Azure Activity Logs<\/li>\n\n\n\n<li>Kubernetes auditing<\/li>\n\n\n\n<li>Docker runtime logs<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 9: External Analytics &amp; SIEM Integration (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Splunk<\/li>\n\n\n\n<li>Elastic federated search<\/li>\n\n\n\n<li>Loki\/Grafana stack<\/li>\n\n\n\n<li>Forwarding Wazuh alerts to external SIEMs<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Day 3 \u2014 Operations, Security Hardening &amp; Automation (8h)<\/strong><\/h2>\n\n\n\n<h3 
class=\"wp-block-heading\"><strong>Chapter 10: Wazuh Manager Hardening (1h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>TLS for all components<\/li>\n\n\n\n<li>API security hardening<\/li>\n\n\n\n<li>Role-based access<\/li>\n\n\n\n<li>Secrets storage<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 11: Indexer Optimization &amp; Scaling (1h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Shards &amp; replicas design<\/li>\n\n\n\n<li>Hot\/warm\/cold storage<\/li>\n\n\n\n<li>Curator strategies<\/li>\n\n\n\n<li>High-ingest tuning<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 12: Automated Operations (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Terraform deployment of Wazuh<\/li>\n\n\n\n<li>Ansible collections<\/li>\n\n\n\n<li>Automated agent rollout<\/li>\n\n\n\n<li>Continuous configuration enforcement<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 13: Advanced Dashboards &amp; Visualizations (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Custom dashboards<\/li>\n\n\n\n<li>Threat-hunting views<\/li>\n\n\n\n<li>Correlation visualizations<\/li>\n\n\n\n<li>SLA monitoring dashboards<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Chapter 14: Incident Response Workflow Integration (2h)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SOAR platforms<\/li>\n\n\n\n<li>Automated ticketing (Jira, ServiceNow)<\/li>\n\n\n\n<li>Enrichment hooks<\/li>\n\n\n\n<li>Playbook triggers<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>3 days (24 hours total) Day 1 \u2014 Advanced Architecture &amp; Detection Engineering (8h) Chapter 1: Advanced Wazuh Architecture (1h) Chapter 2: Advanced Agent Behavior (1h) Chapter 3: Deep Dive into Decoders (2h) Chapter 4: Detection Engineering with Custom Rules (2h) Chapter 5: Zero-Noise Ruleset Tuning (2h) Day 2 \u2014 Threat Intelligence, Integrations &amp; Pipelines 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":106,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-110","page","type-page","status-publish","hentry"],"yoast_head_json":{"title":"Wazuh Advanced Training - ADLER-TECH","description":"Advanced training for Wazuh focuses on agent behavior, detection rules, adjusting rules to your liking. Integration with Splunk\/ELK\/Grafana"}}