OSD Blog
Guides, comparisons, and best practices for deploying and managing your Wazuh SIEM.
Case Study: SaaS Startup Detects Root Compromise 24h After Deploying a SIEM
They had 15 people, no SOC, and enterprise prospects demanding a SIEM. 24 hours after deploying, they found a root compromise running for 9 days.
Managed SOC vs. Running Your Own SIEM: Cost Comparison for SMBs
A managed SOC costs €3-5K/month. A managed SIEM costs €50. Here is when each makes sense — and why most SMBs are overpaying for security.
How to Install Wazuh with Docker in 5 Minutes (Step-by-Step)
Deploy a full Wazuh SIEM stack with Docker Compose in under 5 minutes. Manager, indexer, and dashboard — from zero to monitoring in one terminal session.
NIS2 for Small Businesses: Do You Need to Comply? (Practical Guide)
NIS2 is live in the EU and penalties are steep. Find out if your small business needs to comply and what concrete steps to take — even without a security team.
Detecting Lateral Movement with Your SIEM: A Wazuh Guide
Attackers move laterally before they strike. Detect Pass-the-Hash, PsExec, WMI, and RDP pivoting with Wazuh rules mapped to MITRE ATT&CK.
How to Reduce False Positives in Your SIEM: Wazuh Tuning Guide
Alert fatigue kills your SOC. Learn how to tune Wazuh rules, use CDB lists, adjust severity levels, and go from 10K daily alerts to 50 actionable ones.
How to Detect Brute Force Attacks with Wazuh SIEM
Detect SSH, RDP, and web brute force attacks in real time with Wazuh. Includes rule IDs, custom detection rules, active response auto-blocking, and tuning tips.
SIEM for Startups: Real Costs Compared (2026)
Splunk costs $45K/year. Datadog $15K. OSD starts at €150/year. A transparent cost comparison of every SIEM option for startups in 2026.
How to Pass SOC 2 as a Startup (Without a $50K SIEM)
Enterprise clients demand SOC 2. Traditional SIEM stacks cost $50K+/year. Here is how startups pass SOC 2 Type II with Wazuh on OSD for under €50/month.
Affordable SIEM for Regulatory Compliance: NIS2, SOC 2, ISO 27001 from €15/month
NIS2, SOC 2, and ISO 27001 all require log centralization and security monitoring. Deploy a compliant SIEM with Wazuh and OSD for a fraction of commercial SIEM costs.
SOC 2 Compliance with a SIEM: How Wazuh Meets Trust Service Criteria
SOC 2 Type II audits require continuous security monitoring. Learn how Wazuh maps to SOC 2 Trust Service Criteria and generates the evidence auditors expect.
How Much Does Wazuh Cost? Wazuh Cloud Pricing Per Agent Per Month (2026)
Complete breakdown of Wazuh Cloud pricing per agent per month in 2026. Compare Wazuh Cloud ($571/mo) with OSD (from €15/mo) and find the cheapest way to run Wazuh.
ISO 27001 Compliance with a SIEM: How Wazuh Maps to Annex A Controls
ISO 27001 certification demands continuous security monitoring. See how Wazuh maps to key Annex A controls and generates the audit evidence your certifying body expects.
NIS2 Directive: How a SIEM Helps EU Businesses Achieve Compliance
The NIS2 directive is now enforceable across the EU. Learn who must comply, what the key requirements are, and how Wazuh covers the essential security obligations.
Deploy Wazuh Agent on Linux (Ubuntu, Debian, CentOS)
Step-by-step guide to installing and enrolling Wazuh agents on Linux distributions. Covers Ubuntu, Debian, CentOS, and RHEL with package manager and manual methods.
OSD vs Wazuh Cloud: Which Deployment Model?
Compare OSD (Open SIEM Deployer) with Wazuh Cloud. Pricing, control, data sovereignty, and deployment speed for your Wazuh SIEM.
Splunk vs Wazuh: Complete SIEM Comparison
Splunk vs Wazuh head-to-head comparison. Pricing, features, scalability, ease of use, and total cost of ownership for enterprise SIEM needs.
Best Open-Source SIEM Solutions in 2026
Compare the top open-source SIEM platforms: Wazuh, OSSEC, Security Onion, AlienVault OSSIM, and more. Features, pricing, and deployment complexity.
Wazuh Architecture Explained: Indexer, Server, Dashboard
Understand how Wazuh works under the hood. Deep dive into the three main components: Wazuh Indexer, Wazuh Server, and Wazuh Dashboard, and how they interact.
Case Study: Marketing Agency Discovers Client Data Breach Via SIEM Alerts
A marketing agency found a former employee was still accessing client data 3 months after leaving. Their €50/month SIEM caught what HR and IT missed.
Case Study: Pharma Company Achieves GxP Audit Trail with a Managed SIEM
A pharma company needed GxP audit trails. FIM on their QMS caught an unauthorized change to a batch record template — before the FDA audit.
Case Study: Aerospace Subcontractor Meets CMMC Logging Requirements with a €95 SIEM
An aerospace subcontractor needed CMMC logging for a defense contract. Zero to compliant in 2 hours. Cost: €95/month.
Case Study: IoT Manufacturer Catches Firmware Build Server Tampering
An IoT manufacturer found unauthorized changes on their firmware build server. Without their SIEM, compromised firmware would have shipped to 12,000 devices.
Case Study: IT Services Company Passes Client Security Audit in 48 Hours
An IT services company (ESN) had 5 days to pass a client security audit. They deployed a SIEM in 30 minutes and passed — with documented evidence.
Case Study: Logistics Company Stops Ransomware Before Encryption Starts
A logistics company detected lateral movement 3 hours before ransomware encryption. Their €95/month SIEM caught what their antivirus missed.
GDPR Log Monitoring: What Logs Must You Keep and For How Long?
GDPR requires you to detect breaches within 72 hours. Without log monitoring, that is impossible. Here is exactly what logs you need and for how long.
Security Audit Checklist for Startups: 15 Points to Pass Every Time
Enterprise clients and investors will audit your security. Here is the 15-point checklist to pass — and how a €50/month SIEM covers half of it.
SIEM Log Sources: Which to Connect First for Maximum Detection
Not all logs are equal. A prioritized 90-day roadmap to connect authentication, endpoints, firewalls, cloud, and DNS logs to your Wazuh SIEM.
Detect Malicious PowerShell with Wazuh: Rules and Examples
PowerShell is the #1 attacker tool. Detect encoded commands, download cradles, AMSI bypass, and C2 frameworks with Wazuh custom rules and Sysmon.
Security Monitoring for SaaS: What to Log and Why
SaaS companies handle sensitive customer data but most have zero security monitoring. What to log, why it matters, and how to deploy monitoring in 5 minutes.
The Series A Security Checklist: SIEM, Logs & Compliance
Investors and enterprise clients audit your security during due diligence. The 12-point checklist to be Series A-ready, and how Wazuh covers half of it.
How to Authenticate a Wazuh Agent on Windows Server with Password (Step-by-Step)
Secure Wazuh agent enrollment on Windows Server with password authentication. Covers Server Core, GPO deployment, and AD event monitoring.
How to Authenticate a Wazuh Agent on Windows with Password (Step-by-Step)
Secure your Windows Wazuh agent enrollment with password authentication. Full walkthrough using the MSI installer and PowerShell.
Your Startup's First SIEM: What to Deploy and When
When does a startup need a SIEM? What to deploy first? This guide covers triggers, tool selection, and how to go from zero to monitored in under an hour.
How to Authenticate a Wazuh Agent on Linux with Password (Step-by-Step)
Secure your Linux Wazuh agent enrollment with password authentication. Full walkthrough for Ubuntu, Debian, CentOS, and RHEL.
How to Authenticate a Wazuh Agent on macOS with Password (Step-by-Step)
Secure your macOS Wazuh agent enrollment with password authentication. Full walkthrough from manager configuration to agent verification on Intel and Apple Silicon Macs.
Fix: AxiosError EACCES Permission Denied on wazuh.yml in Docker
Getting "AxiosError: EACCES: permission denied, open wazuh.yml" on Wazuh Docker? Here is the quick fix with the exact commands to resolve the file ownership issue.
Ransomware Detection with SIEM: How Wazuh Catches Attacks Early
Your SIEM is your first line of defense against ransomware. Learn how Wazuh detects mass file encryption, suspicious processes, and lateral movement before it is too late.
SIEM Pricing Comparison 2026: The True Cost of Every Major Platform
A transparent breakdown of SIEM costs in 2026, from Splunk to open-source alternatives. Includes hidden costs, TCO tables, and guidance for teams under 500 users.
SIEM for Startups: Security Monitoring From Day One
Startups need a SIEM earlier than they think. Learn when to deploy, how to satisfy SOC 2 auditors, and why Wazuh is the cost-effective choice for growing teams.
Cyber Insurance & SIEM: How to Meet Insurer Requirements and Lower Premiums
Cyber insurance premiums are rising fast. Learn how deploying a SIEM like Wazuh helps you meet insurer requirements, reduce your risk profile, and lower your rates.
The Complete SIEM Guide for Small and Medium Businesses
SMBs are prime cyberattack targets, yet most lack security monitoring. This guide shows how to choose, deploy, and run a SIEM on a small business budget.
Running a SIEM Without a Dedicated SOC Team
You do not need a dedicated SOC team to benefit from a SIEM. Here is how to make Wazuh work for your small team with automation, alert tuning, and a 30-minute weekly routine.
SIEM vs EDR vs XDR: What's the Difference?
SIEM, EDR, and XDR decoded. Learn the key differences, where they overlap, and how Wazuh covers SIEM plus endpoint security in a single open-source platform.
What Is a SIEM? A Complete Beginner's Guide
SIEM explained in plain language. Learn what Security Information and Event Management does, how it works in 4 steps, and how to get started with your first SIEM.
Integrate Microsoft 365 Logs with Wazuh
Connect M365 audit logs to Wazuh. Azure AD app setup, Office 365 Management API, suspicious sign-in detection, and compliance monitoring.
Integrate Google Cloud Logs with Wazuh
Connect GCP audit logs to Wazuh SIEM using Pub/Sub. Configure log sinks, the gcp-pubsub module, and custom detection rules for cloud security events.
Collect Proxmox VE Logs in Wazuh
Integrate Proxmox VE hypervisor logs into Wazuh SIEM. Agent installation, authentication monitoring, VM lifecycle events, and cluster security.
Collect OPNsense Firewall Logs in Wazuh
Integrate OPNsense firewall and Suricata IDS logs into Wazuh. Remote syslog setup, filter log parsing, IDS alert correlation, and dashboard tips.
Collect Palo Alto Firewall Logs in Wazuh
Forward Palo Alto PAN-OS firewall logs to your Wazuh SIEM. Step-by-step syslog configuration, custom decoders, rules, and threat visibility dashboards.
Collect Fortinet FortiGate Logs in Wazuh
Integrate Fortinet FortiGate firewall logs into your Wazuh SIEM. Syslog forwarding setup, custom decoders, alerting rules, and dashboard tips.
Collect Cisco ASA, Switch & Router Logs in Wazuh
Integrate Cisco ASA, IOS switches, and routers with Wazuh SIEM. Syslog forwarding, built-in decoders, custom rules, and network security visibility.
Cloud Security Monitoring with Wazuh (AWS, Azure)
Monitor your cloud infrastructure with Wazuh. Integrate AWS CloudTrail, GuardDuty, Azure Activity Logs, and detect cloud-specific threats.
Rootkit Detection with Wazuh
Detect rootkits and hidden malware on your servers using Wazuh. Configure rootcheck scanning, understand alerts, and set up automated remediation.
Understanding the Wazuh Security Dashboard
Navigate the Wazuh dashboard like a pro. Learn about security events, agent overview, integrity monitoring, and vulnerability panels for effective SOC operations.
Automated Threat Response with Wazuh Active Response
Configure Wazuh to automatically respond to threats: block IPs, kill processes, quarantine files. Reduce incident response time from hours to seconds.
Log Collection and Analysis in Wazuh
Configure Wazuh to collect and analyze logs from servers, applications, firewalls, and cloud services. Syslog, JSON, Windows Events, and custom log formats.
Deploy Wazuh Agent via Group Policy (GPO)
Deploy the Wazuh agent across your Active Directory domain using Group Policy. MSI deployment, startup scripts, and automated enrollment.
PCI-DSS and GDPR Compliance with Wazuh
Use Wazuh built-in compliance dashboards for PCI-DSS, GDPR, HIPAA, and NIST 800-53. Generate audit-ready reports and monitor compliance in real time.
Deploy Wazuh Agent on macOS with Jamf Pro
Mass-deploy the Wazuh agent to your Mac fleet using Jamf Pro. PKG packaging, Smart Groups targeting, and automated enrollment.
Deploy Wazuh Agent at Scale with Microsoft Intune
Push the Wazuh agent to Windows endpoints using Microsoft Intune MDM. Win32 app packaging, deployment profiles, and monitoring compliance.
Vulnerability Detection with Wazuh
Scan your infrastructure for known vulnerabilities (CVEs) using Wazuh. Configure vulnerability feeds, prioritize remediation, and generate reports.
Wazuh File Integrity Monitoring (FIM) Guide
Monitor critical file changes in real time with Wazuh FIM. Configure directories, exclusions, alerting thresholds, and compliance reporting.
Uninstall Wazuh Agent on macOS
Complete guide to removing the Wazuh agent from macOS. Covers the uninstall script, manual removal, LaunchDaemon cleanup, and verification steps.
Uninstall Wazuh Agent on Windows (Server & Desktop)
Complete guide to removing the Wazuh agent from Windows Server and Desktop. Covers GUI, command-line, and PowerShell methods with cleanup steps.
Uninstall Wazuh Agent on Linux (Ubuntu, Debian, CentOS, RHEL)
Step-by-step guide to uninstalling Wazuh agents from Linux distributions. Covers APT and YUM removal, service cleanup, and post-uninstall verification.
Managing Wazuh Agent Groups at Scale
Organize and manage hundreds of Wazuh agents using groups. Apply different policies, configurations, and monitoring rules per group.
How to Tune Wazuh Alerts to Reduce Noise
Reduce alert fatigue in your SOC. Learn how to tune Wazuh rules, adjust severity levels, create custom rules, and implement alert suppression.
Wazuh Agent Enrollment Authentication Setup
Secure your Wazuh agent enrollment with password authentication. Prevent unauthorized agents from connecting to your SIEM manager.
Deploy Wazuh Agent on macOS
Protect your Mac fleet with Wazuh agents. Learn how to install, configure, and enroll macOS endpoints for comprehensive security monitoring.
Deploy Wazuh Agent on Windows Server and Desktop
Install the Wazuh agent on Windows using the MSI installer or command line. Monitor Windows events, files, and security policies from your SIEM dashboard.
Update Wazuh on OSD (Open SIEM Deployer)
Step-by-step guide to safely updating your Wazuh Docker instance deployed by OSD. Backup, pull new images, and verify after upgrade.
Budget-Friendly SIEM Deployment for SMBs
Deploy a production-grade SIEM for under €20/month. How small and medium businesses can leverage Wazuh and OSD for enterprise-level security monitoring.
SIEM Log Retention: How Long Should You Keep Logs?
Define your SIEM log retention strategy. Compliance requirements, storage costs, legal considerations, and practical recommendations by industry.
Managed SIEM vs Self-Hosted: Pros and Cons
Should you use a managed SIEM service or self-host? Analyze costs, control, compliance, maintenance, and security implications of each approach.
Elastic SIEM vs Wazuh: Feature-by-Feature Comparison
Elastic Security (formerly Elastic SIEM) versus Wazuh. Compare detection rules, dashboards, integrations, licensing, and deployment models.
SIEM Best Practices for 2026
Essential SIEM best practices for modern security operations. From log management to alert tuning, incident response workflows, and compliance reporting.
SIEM Sizing Guide: How Many Resources Do You Need?
Calculate the right server resources for your SIEM deployment. CPU, RAM, storage requirements based on agent count, log volume, and retention period.