Original community content for Wazuh practitioners
Detection rules · Attack simulations · Integrations · Dashboards · Compliance labs
wazuh_hub is an independent community repository created under the Wazuh Ambassador Program. Every piece of content here is original — written and tested from real-world experience, not reproduced from official sources.
The goal is to go beyond what official documentation covers: practical labs, custom detection logic, and real attack scenarios that help Wazuh practitioners learn by doing.
📖 New to Wazuh? Start with the Official Documentation first. This repository extends it and does not replace it.
All content is developed and tested on:
| Component | Version |
|---|---|
| Wazuh Manager | 4.14.5 |
| Wazuh Indexer | 4.14.5 |
| Wazuh Dashboard | 4.14.5 |
| Wazuh Agent | 4.14.5 |
Each folder contains original, ready-to-use content with its own README explaining the scenario, prerequisites, and expected results.
| Folder | Description |
|---|---|
| `detection-rules/` | Custom XML rules for Linux, Windows, and cloud platforms |
| `simulations/` | Step-by-step attack labs with expected Wazuh alert output |
| `integrations/` | Connecting Wazuh to Slack, TheHive, VirusTotal, and more |
| `dashboards/` | Importable .ndjson panels for threat hunting and compliance |
| `compliance/` | PCI DSS, HIPAA, and GDPR coverage demonstrations |
| `docs/` | Setup guides for building Wazuh lab environments |
MIT — see LICENSE.
Wazuh® is a registered trademark of Wazuh Inc. This is an independent community project, not officially affiliated with Wazuh Inc.